On Thu, 2009-08-27 at 09:04 -0400, Daniel J Walsh wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=518569 > > The discussion surrounds potentially adding setcon function to vstfpd > to drop level to a level appropriate the the user when he logs in. > The discussion is around using MCS for this, but I guess I could see > some utilization around MLS. > > Not sure MLS would go for it though since there is a potential for > information leak. I'm not sure I like it this idea, but I wanted to throw it out anyway: why not just change to the user's complete login context (or a context that is a subset of it), rather than just the level? -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
