On Thursday, December 23, 2010 03:09:11 pm Daniel J Walsh wrote: > Theoretically we have this. > > unconfined_login -> on Allow a user to login as an > unconfined domain > > (Not sure it works. I didn't know that one but it seems it's not working on Fedora 12 (I'll switch to Fedora 14 soon I know :) After doing: setsebool unconfined_login off ..and then tried to connect (as a regular unconfined user), pstree shows: |-sshd(`unconfined_u:system_r:sshd_t:s0-s0:c0.c1023') | `-sshd(`unconfined_u:system_r:sshd_t:s0-s0:c0.c1023') | `-sshd(`unconfined_u:system_r:sshd_t:s0-s0:c0.c1023') | `-bash(`unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023') ... it transitioned into unconfined_t .so the boolean is not working here. > Well one thing you could try is to disable the unconfineduser policy > package, This would eliminate the unconfined_t from your system > altogether. > > Then you would have to setup the admin (root) to log in as sysadm_t. I'll check into this. Never used sysadm_t before. Thanks, Jorge -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
