From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: SE-Linux <selinux@tycho.nsa.gov>, 249784@bugs.debian.org
Subject: updated - but irrelevant (with pam enabled) - SE/Linux patch
Date: Thu, 20 May 2004 15:01:47 +0000 [thread overview]
Message-ID: <20040520150147.GG8810@lkcl.net> (raw)
[-- Attachment #1: Type: text/plain, Size: 594 bytes --]
the attached patch to kdm/backends/client.c has been updated,
but is not relevant _if_ the line:
session required pam_selinux.so
is added to /etc/pam.d/kdm.
l.
--
--
expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
--
<a href="http://lkcl.net"> lkcl.net </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />
[-- Attachment #2: f --]
[-- Type: text/plain, Size: 1264 bytes --]
--- ../client.c 2004-05-20 14:55:49.000000000 +0000
+++ kdm/backend/client.c 2004-05-20 08:51:43.000000000 +0000
@@ -45,6 +45,11 @@
#include <pwd.h>
#include <grp.h>
+#ifdef WITH_SELINUX
+#include <selinux/get_context_list.h>
+#include <selinux/selinux.h>
+#endif
+
#ifdef SECURE_RPC
# include <rpc/rpc.h>
# include <rpc/key_prot.h>
@@ -1086,6 +1091,29 @@
systemEnviron);
/*
+ * for Security Enhanced Linux,
+ * set the default security context for this user.
+ */
+#ifdef WITH_SELINUX
+ if (is_selinux_enabled() > 0)
+ {
+ security_context_t scontext;
+ if (p != NULL && p->pw_name != NULL &&
+ get_default_context(p->pw_name,NULL,&scontext))
+ {
+ LogError("Failed to get default security context for %s.", curuser);
+ SessionExit (EX_NORMAL);
+ }
+ Debug("setting security context to %s", scontext);
+ if (setexeccon(scontext)) {
+ freecon(scontext);
+ LogError("Failed to set exec security context %s for %s.", scontext, curuser);
+ SessionExit (EX_NORMAL);
+ }
+ freecon(scontext);
+ }
+#endif
+ /*
* for user-based authorization schemes,
* add the user to the server's allowed "hosts" list.
*/
reply other threads:[~2004-05-20 15:04 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040520150147.GG8810@lkcl.net \
--to=lkcl@lkcl.net \
--cc=249784@bugs.debian.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.