Le Tue, 06 May 2014 15:11:28 -0400, Daniel J Walsh <dwalsh@xxxxxxxxxx> a écrit : > No, only thing that should not be called after pam_selinux open is an > app that wants to run a priv command. pam_selinux open is setting the > user context, so any apps that are executed after the open will be > executed in the users context, Any app that is executed before the > open will be executed as the context of the login program. > > pam_selinux will also change the labels on ttys. Thanks for your answer, I guess I'll have to change what's Debian is currently doing, and change to Fedora's way (pam_loginuid before pam_selinux open and the rest after) _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
