On Dec 13, 2007 8:25 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On Thu, 2007-12-13 at 04:30 -0800, Reed, Tim (US SSA) wrote: > > Good point. That is why I was looking for test cases or something. > > > > I am going to explore Stephen suggestion more of making the lack of a > > tty non-fatal. But won't we want newrole to have a tty so that it can > > send/receive input from the user? That is the reason why I was having > > it creating a pseudo tty. > > > > Suggestions..... > > You said you wanted to be able to use newrole while detached from any > tty, thus no input is possible there. Right? > > So if you have newrole or the subsequent application use a pam module > that requires a tty, it is going to fail regardless in that situation. > Your situation presumes that you aren't using pam modules that require a > tty. > > Only thing to check is to make sure that the pam modules fail gracefully > in that situation and newrole correctly exits with an error in that > case. > > > -- > Stephen Smalley > National Security Agency > > Right, but doesn't pam_unix exec unix_chkpwd and wait for it to exit? Or will unix_chkpwd fail because there isn't a tty? -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
