I read previous discussions about it here. The argument IIRC is that making the default context staff_t adds a little bit of security. IMHO, it adds no security whatsoever, since `ssh -l root hostname -t su -' gets you to sysadm_r without asking for a password.

So how about changing the default policy such that ssh selects sysadm_r by default, which should minimize the inconvenience without really losing anything in terms of security?

-- 
Alexandre Oliva             http://www.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer   aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@{lsd.ic.unicamp.br, gnu.org}