[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Changing context with UID - doubt

To: Bartlomiej Balcerek <Bartlomiej.Balcerek@xxxxxxxxxxx>
Subject: Re: Changing context with UID - doubt
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Tue, 11 Jan 2005 10:09:25 -0500
Cc: SELinux@xxxxxxxxxxxxx
In-reply-to: <Pine.GSO.4.44.0501091400340.4757-100000@xxxxxxxxxxxxxxxxxxx>
Organization: National Security Agency
References: <Pine.GSO.4.44.0501091400340.4757-100000@xxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Sun, 2005-01-09 at 08:37, Bartlomiej Balcerek wrote:
> Hello,
> I'am still newbie in SELinux. I'am confused, if SELinux can
> automaticaly change process context when changing system EUID ?
> My process executes shell with different EUID, which just executes another
> subprocess. I want that subprocess to run in role or domain coupled
> with its EUID, defined in "user" file. It is possible in SELinux ?

No, SELinux has its own user identity attribute, and does not use the
Linux uids for its own access control or transition decisions (although
the existing Linux DAC checks are still applied as well).  See the User
Identity Model section of
http://www.nsa.gov/selinux/papers/policy2/x87.html.
 
-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- Changing context with UID - doubt
  - From: Bartlomiej Balcerek

Prev by Date: Re: Added is_context_configurable function
Next by Date: Re: Multiple contexts
Previous by thread: Changing context with UID - doubt
Next by thread: Re: Changing context with UID - doubt
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.