Daniel J Walsh wrote:
> This patch is needed for sudo.
>
> Also added setkeycreatecon, although this will not work the way the
> code is currently.
>
> Pam activity should probably be happening after setkeycreatecon and
> setexeccon
>
> But I am not sure how pam_keyinit should work here anyway.
>
> Currently you lose access to your keying material when you su or
> sudo.
>
> These things will not be labeled correctly as currently used.

Thanks, I've merged that into the sudo tree. I think I understand why setkeycreatecon and setexeccon ought to be called before PAM. Am I correct in believing that the tty does _not_ need to be relabeled before calling PAM since the conversation function runs in the current context?

 - todd