pam_selinux requirements are generally pretty simple: its used to associate a
context with a login shell.
With systemd things have becomes a bit more complicated.
systemd uses pam_selinux to associate a context with both a login shell (via
container-shell@.service) as well as with a systemd
I was just reminded of the fact that role and range transitions cannot be
conditional in kernel policy.
Is this technically impossible? Why can type transitions be conditional in
kernel policy but not role and range transitions?
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D
On Tue, 2017-09-05 at 15:24 -0700, Chenbo Feng via Selinux wrote:
> On Fri, Sep 1, 2017 at 5:50 AM, Stephen Smalley
> wrote:
> > On Thu, 2017-08-31 at 13:56 -0700, Chenbo Feng wrote:
> > > From: Chenbo Feng
> > >
> > > Introduce 5 LSM hooks to provide finer
On Thu, 2017-09-07 at 11:05 +0200, Dominick Grift wrote:
> pam_selinux requirements are generally pretty simple: its used to
> associate a context with a login shell.
>
> With systemd things have becomes a bit more complicated.
>
> systemd uses pam_selinux to associate a context with both a
On Thu, Sep 07, 2017 at 04:30:36PM +0200, Dominick Grift wrote:
> On Thu, Sep 07, 2017 at 03:56:36PM +0200, Dominick Grift wrote:
> > On Thu, Sep 07, 2017 at 03:50:02PM +0200, Dominick Grift wrote:
> > > On Thu, Sep 07, 2017 at 03:30:47PM +0200, Dominick Grift wrote:
> > > > On Thu, Sep 07, 2017
On Thu, Sep 07, 2017 at 03:22:42PM +0200, Dominick Grift wrote:
> On Thu, Sep 07, 2017 at 08:55:23AM -0400, Stephen Smalley wrote:
> > On Thu, 2017-09-07 at 11:05 +0200, Dominick Grift wrote:
> > > pam_selinux requirements are generally pretty simple: its used to
> > > associate a context with a
On Thu, Sep 07, 2017 at 03:30:47PM +0200, Dominick Grift wrote:
> On Thu, Sep 07, 2017 at 03:22:42PM +0200, Dominick Grift wrote:
> > On Thu, Sep 07, 2017 at 08:55:23AM -0400, Stephen Smalley wrote:
> > > On Thu, 2017-09-07 at 11:05 +0200, Dominick Grift wrote:
> > > > pam_selinux requirements are
On Thu, Sep 07, 2017 at 03:56:36PM +0200, Dominick Grift wrote:
> On Thu, Sep 07, 2017 at 03:50:02PM +0200, Dominick Grift wrote:
> > On Thu, Sep 07, 2017 at 03:30:47PM +0200, Dominick Grift wrote:
> > > On Thu, Sep 07, 2017 at 03:22:42PM +0200, Dominick Grift wrote:
> > > > On Thu, Sep 07, 2017
On 09/03/2017 08:19 AM, Nicolas Iooss wrote:
When compiling libsepol with clang and some warning flags, the compiler
complains about the way IPv6 addresses are initialized:
kernel_to_cil.c:2795:35: error: suggest braces around initialization
of subobject [-Werror,-Wmissing-braces]
On Thu, 2017-09-07 at 14:26 +0200, Dominick Grift wrote:
> I was just reminded of the fact that role and range transitions
> cannot be conditional in kernel policy.
>
> Is this technically impossible? Why can type transitions be
> conditional in kernel policy but not role and range transitions?
On Thu, Sep 07, 2017 at 08:55:23AM -0400, Stephen Smalley wrote:
> On Thu, 2017-09-07 at 11:05 +0200, Dominick Grift wrote:
> > pam_selinux requirements are generally pretty simple: its used to
> > associate a context with a login shell.
> >
> > With systemd things have becomes a bit more
On Thu, Sep 07, 2017 at 03:50:02PM +0200, Dominick Grift wrote:
> On Thu, Sep 07, 2017 at 03:30:47PM +0200, Dominick Grift wrote:
> > On Thu, Sep 07, 2017 at 03:22:42PM +0200, Dominick Grift wrote:
> > > On Thu, Sep 07, 2017 at 08:55:23AM -0400, Stephen Smalley wrote:
> > > > On Thu, 2017-09-07 at
12 matches
Mail list logo