[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sshd transition points

To: Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
Subject: Re: sshd transition points
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Wed, 16 Feb 2005 08:41:12 -0500
Cc: SE-Linux <selinux@xxxxxxxxxxxxx>
In-reply-to: <20050216135108.GN31121@xxxxxxxx>
Organization: National Security Agency
References: <20050215155323.GC23765@xxxxxxxx> <1108491293.17854.153.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050215191640.GA26294@xxxxxxxx> <1108495342.17854.200.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050215200355.GB26294@xxxxxxxx> <20050215205728.GC26294@xxxxxxxx> <1108558973.19756.45.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20050216135108.GN31121@xxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Wed, 2005-02-16 at 08:51, Luke Kenneth Casson Leighton wrote:
>  ah, but because the unprivileged child process in this instance manages
>  the networking, and because i wish to restrict users on a per-IP basis
>  from being able to log in, i _do_ want to associate a user-specific
>  domain with the unprivileged child process.

I'm not sure that this makes sense; isn't the monitor process and the
unprivileged child process created _before_ authenticating the user?  It
isn't until you create the user privileged child process that you have
an authenticated user identity.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton

References:
- sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Stephen Smalley
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Stephen Smalley
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton
- Re: sshd transition points
  - From: Stephen Smalley
- Re: sshd transition points
  - From: Luke Kenneth Casson Leighton

Prev by Date: Re: sshd transition points
Next by Date: Re: sshd transition points
Previous by thread: Re: sshd transition points
Next by thread: Re: sshd transition points
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.