Stephen Smalley (sds@xxxxxxxxxxxxx) said: > On Wed, 2005-09-21 at 16:13 -0400, Bill Nottingham wrote: > > There's an open bug for changing sulogin to handle multiple > > accounts with uid 0. Wouldn't it also be useful to change > > it to check roles as well (for strict policy)? > > Can you elaborate a little, or point to the bugzilla entry? 135154/168982. Basically, it currently only authenticates as 'root', while the suggestion was to allow it to authenticate as any user who has uid 0, even if that's not 'root'. > It presently just uses the default context for "root" from sulogin's > domain, where the default can be altered via the default_contexts > configuration. Were you thinking of having it allow the user to select > a context if multiple contexts are returned like pam_selinux does? That's one option. What I initially thought was that, if you have multiple users who are sysadm_r (or whatever), that it would allow you to authenticate as any of them. Bill -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
