Re: selinux from user POV - Thorsten Kukuk

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Thorsten Kukuk <kukuk@suse.de>
To: SELinux@tycho.nsa.gov
Subject: Re: selinux from user POV
Date: Tue, 14 Oct 2003 21:46:24 +0200	[thread overview]
Message-ID: <20031014194624.GA1655@suse.de> (raw)
In-Reply-To: <1066141498.5054.138.camel@moss-spartans.epoch.ncsc.mil>

On Tue, Oct 14, Stephen Smalley wrote:

> On Sat, 2003-10-11 at 14:29, Joshua Brindle wrote:
> > This is going to be contraversial, I know, but this is something that
> > is fairly important to me and others I know of on this list.
> > 
> > Being a user on an SELinux machine is currently not good.. Ideally
> > it should be totally transparent but there are some issues. Mainly, 
> > right now, a user can't even add a .ssh directory and put their
> > ssh key in authorized_keys2 and then log in with it without the 
> > admin having to relabel (or at least label those objects) . 
> 
> Put an empty .ssh directory in the /etc/skel directory and assign it the
> correct type there, and modify useradd to preserve types when copying
> the skeleton directory for new accounts.  Then when a user creates files

The useradd implementation from the next pwdutils release (2.3.96)
will preserve all extended attributes when copying /etc/skel, this
means ACLs and SELinux attributes.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

     prev parent reply	other threads:[~2003-10-14 19:46 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-10-11 18:29 selinux from user POV Joshua Brindle
2003-10-12  3:09 ` Russell Coker
2003-10-12  5:27   ` Brian May
2003-10-12  9:01     ` Russell Coker
2003-10-12  3:52 ` Brian May
2003-10-12  6:55 ` How to get Xfree86 to run - old API Michael Reilly
2003-10-12  7:38   ` Russell Coker
2003-10-12 23:09     ` Michael Reilly
2003-10-14 14:24 ` selinux from user POV Stephen Smalley
2003-10-14 19:46   ` Thorsten Kukuk [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20031014194624.GA1655@suse.de \
    --to=kukuk@suse.de \
    --cc=SELinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.