On Wed, 2005-09-21 at 16:32 -0400, Bill Nottingham wrote: > 135154/168982. Basically, it currently only authenticates > as 'root', while the suggestion was to allow it to authenticate > as any user who has uid 0, even if that's not 'root'. Ok, so the get_ordered_context_list() call would then take the username they chose instead of always being "root", I suppose. They would then need to define that user in policy and authorize them for sysadm_r (or comparable role) to make it work cleanly. > That's one option. What I initially thought was that, if you > have multiple users who are sysadm_r (or whatever), that it would > allow you to authenticate as any of them. Ah, I see. We don't have a good interface yet to allow sulogin to get such a list of users with a particular role, although the ongoing libsepol/libsemanage work by Ivan should help there. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
