On Mon, 2007-02-12 at 14:36 -0500, Alan Cox wrote:
> The point was that what you appear to be trying
> to do maps directly onto the existing uid/gid security.
Yea, that's correct. In other words I'm not suggest to modify any file
systems to record uid_t:gid_t:session_t instead of just uid_t:gid_t.
So f-u-s will come with the caveat that any login session (even remote)
can use any device / service available to any other login session of the
same user. And I think that's fine; we just have to release note it
somewhere.
(and the other things I'm saying are 1) we really want revoke() to
ensure privacy of sessions on the same seat; and 2) it would be nice to
use a kernel mechanism rather than the rather ugly XDG_SESSION_COOKIE
mechanism.)
David
--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers
--
Fedora-maintainers-readonly mailing list
Fedora-maintainers-readonly@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
