[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sshd transition points

To: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Subject: Re: sshd transition points
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Wed, 16 Feb 2005 08:10:25 -0500
Cc: SE-Linux <selinux@xxxxxxxxxxxxx>, g@xxxxxxxx
In-reply-to: <20050216000437.GD30341@xxxxxxxx>
Organization: National Security Agency
References: <20050215155323.GC23765@xxxxxxxx> <1108491293.17854.153.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050215191640.GA26294@xxxxxxxx> <1108495342.17854.200.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050215200355.GB26294@xxxxxxxx> <20050215225329.GH26294@xxxxxxxx> <20050215231707.GC29523@xxxxxxxx> <20050216000437.GD30341@xxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Tue, 2005-02-15 at 19:04, Luke Kenneth Casson Leighton wrote:
> ... isn't this a _lot_ simpler than pissing about creating hard-coded
> security contexts, or fiddling around adding kludges into libselinux
> to be able to create security contexts or read some pseudo-default?

Auto-magically changing the context passed in by the setcon(3) by the
application considered harmful.  If the application wants such
derivations, it calls security_compute_create() first, then calls
setcon() on the result.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton

References:
- sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Stephen Smalley
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Stephen Smalley
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton

Prev by Date: Re: sshd transition points
Next by Date: Re: Bootup problems
Previous by thread: Re: sshd transition points
Next by thread: Re: sshd transition points
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.