On Wed, 7 Nov 2001, Chandrashekar B . wrote:

> Hi, The su program that comes with the selinux does not inherit resource
> limitations
> set in /etc/security/limits.conf file, while the default su program that
> comes with
> linux (found in /bin directory) understands and enforces them.
> Was this feature deliberately removed or is it a bug ?
>
> I'm running the selinux patch for kernel 2.4.10 on RedHat Linux 6.1

SELinux doesn't modify the su program. The distribution does include a sh-utils package with a modified id program (to display the security context) and a new runas program (to run a program with a specified security context when permitted by the policy), and sh-utils does include a su program, but we don't use it. The install target of the utils/Makefile specifically removes this su program from /usr/local/selinux/bin (along with the other programs that aren't modified by SELinux but happen to be installed during the 'make install'). So you shouldn't be using that su program at all.

It sounds like you are running the 9/26 release of SELinux. I'm not sure why you are using RedHat 6.1 rather than RedHat 7.1, although that is certainly your option. You also might want to upgrade at some point, although you might want to wait now for a new release based on 2.4.14.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.