On Fri, Jul 07, 2006 at 04:47:46PM -0400, Stephen Smalley wrote: > On Fri, 2006-07-07 at 15:55 -0500, Klaus Weidner wrote: > > Would it work to have newrole relabel the pty (maybe in a PAM session > > module?), so that the controlling low process won't be able to read from > > it? > > newrole already relabels the tty.
I checked, it does relabel /dev/pts/3, but the SystemLow controlling process is still permitted to read/write the master end of the pty. -Klaus -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
