On Sat, 22 Dec 2001, Russell Coker wrote:

> I'm now thinking about what to do with su. Should su change the security of
> the tty with chsid() before spawning a new shell and then change it back
> afterwards as login does? Or is there some difference in the way that su and
> login work that requires some different code?

We intentionally chose to not modify the su program for SELinux. Hence, su only changes the Linux identity attributes, not the SELinux security context. su is most commonly used to obtain Linux capabilities for administrative tasks by becoming the superuser, but this merely reflects a change in privilege, not a real change in the user who is performing the tasks. We would prefer to leave the SELinux user identity unmodified for user accountability in this case.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.