On Fri, 2010-01-22 at 07:48 -0500, Daniel J Walsh wrote: > Any comments? What should we add? What should we remove? > > http://sradvan.fedorapeople.org/SELinux_FAQ/#id2654720 Does the su command change my SELinux identity and role? A: The su command performs full domain transitions and changes your role. This is easier than using the newrole command as newrole requires you to enter two passwords - one to identify as the user, and another to identify as root. Other forms of Linux/UNIX® identity change, for example setuid(2), do not cause an SELinux identity change. This is not correct. su(1) does not change SELinux security context (it did in RHEL4, but not in RHEL5 or modern Fedora). sudo can change SELinux role and type depending on command line options and/or the config, but not by default I believe. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
