Also how would you allow the user to select the context they will log in as if there are more than one? Unless we remove this capability and always force users to use newrole.

Dan

Stephen Smalley wrote:

>On Fri, 2003-08-22 at 10:09, Russell Coker wrote:
>
>>A modification to PAM could allow the sshd, login, and cron patches to go
>>away.
>>
>>Theodore Ts'o suggested to me that a new PAM call be added to run the shell
>>which takes appropriate parameters about user-name etc. Then a SE Linux
>>version of this module could change the security context appropriately, thus
>>requiring only one copy of the code to determine the context to use, and not
>>requiring any on-going modification to applications.
>>
>>This design concept sounds really good, and as it's Ted's suggestion I don't
>>expect any great resistance to accepting the patch upstream once it's been
>>tested and proven to work.
>>
>>I've been meaning to work on this for almost a year, I might start work next
>>week.
>
>If you investigate this idea, be sure to work from the new SELinux
>patches that use the new SELinux API, not the old one. Note that the
>new SELinux API is better suited to encapsulation within PAM, since the
>exec context is now an attribute of the process that can be set prior to
>the execve call. PAM could call setexeccon() when it ordinarily sets
>the user's credentials. This avoids the need to create a new PAM call,
>or to alter the execve call itself.
>
>While you may be able to move the setup of the user execution context
>into PAM, there are other elements of the SELinux patches as well, such
>as the labeling of the tty/pty and the entrypoint check for cron jobs.
>Hence, I suspect that we will still need some kind of patch for
>login/sshd/crond, albeit a smaller one.