On Mon, 2006-07-10 at 14:56 -0500, Klaus Weidner wrote: ... > > It should be ok to use newrole on a local or serial console where the > entire communication chain to the user can be relabeled sanely, but ssh > logins should force the session to run at the label of the incoming > network connection. > > -Klaus > > --
Would that hinder a remote administration scenario where the ssh login occurs on a network with a default level which is below the high-water mark of the system labels but greater that the low level? We'd like the incoming ssh account to be a non-administrative role, then have them su/newrole to an administrative role. Do you see any issues with this? LCB. -- LC Bruzenak [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
