Stephen Smalley wrote: > Early Fedora and RHEL-4 put pam_selinux in /etc/pam.d/su in an effort to > automatically change contexts upon user identity changes. This proved > to be a mistake in practice (and a deviation from the original SELinux > approach), and was subsequently removed in later Fedora and RHEL-5. BTW, is there any further explanation of why this is a mistake? And question #2, I think sudo still does this, isn't that a mistake too? Michal Svoboda
Attachment:
pgpRX654c1Mib.pgp
Description: PGP signature
