On Thu, 2007-12-13 at 04:30 -0800, Reed, Tim (US SSA) wrote: > Good point. That is why I was looking for test cases or something. > > I am going to explore Stephen suggestion more of making the lack of a > tty non-fatal. But won't we want newrole to have a tty so that it can > send/receive input from the user? That is the reason why I was having > it creating a pseudo tty. > > Suggestions..... You said you wanted to be able to use newrole while detached from any tty, thus no input is possible there. Right? So if you have newrole or the subsequent application use a pam module that requires a tty, it is going to fail regardless in that situation. Your situation presumes that you aren't using pam modules that require a tty. Only thing to check is to make sure that the pam modules fail gracefully in that situation and newrole correctly exits with an error in that case. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
