On Thu, 2009-08-27 at 10:16 -0400, Christopher J. PeBenito wrote:
> On Thu, 2009-08-27 at 09:04 -0400, Daniel J Walsh wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=518569
> >
> > The discussion surrounds potentially adding setcon function to vsftpd
> > to drop level to a level appropriate to the user when he logs in.
> > The discussion is around using MCS for this, but I guess I could see
> > some utilization around MLS.
> >
> > Not sure MLS would go for it though since there is a potential for
> > information leak.
>
> I'm not sure I like this idea, but I wanted to throw it out anyway:
> why not just change to the user's complete login context (or a context
> that is a subset of it), rather than just the level?

What happens if we just add pam_selinux entries to /etc/pam.d/vsftpd,
and add a system_r:ftpd_t entry to the default_contexts configuration?

--
Stephen Smalley
National Security Agency