On Thu, 2004-04-15 at 17:29, Stephen Smalley wrote: > Yes, I think that this was wrong earlier in default_contexts and > subsequently changed. console login might still default to sysadm_r. No, looks like the latest default_contexts also puts staff_r before sysadm_r for console logins, so those should also go to staff_r by default for non-root users authorized for both roles. Note that you may need to restorecon /root/.default_contexts to get it into the right type; otherwise, login/sshd/gdm can't read it. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
