[PATCH] fix login for SELinux usage

Jan Kiszka jan.kiszka at web.de
Wed Feb 22 18:18:05 UTC 2006


Hi,

I don't think anyone ever used the login applet over SELinux:

This patch fixes the security labelling of the login terminal and
process. I'm not claiming to be an expert on the SELinux API yet, but
from reading pam_selinux (pam) and newrole (policycoreutils) I think I
crafted a more reasonable version. There remains some stuff to clean up
(the whole set_current_security_context() appears unnecessarily complex to
me), but this is now at least working. :)


What I found here makes me worry a bit about the rest of the
SELinux-related code in busybox. passwd should contain some patch (to
"preserve security context on /etc/shadow"), but there is nothing. Is su
working as it is supposed to?

In short: Has anyone ever tried to use busybox applets for critical jobs
(authentication etc.) over SELinux so far? Or did you then just pick
the patched versions of the standard tools, e.g. from Red Hat?

Thanks,
Jan
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: selinux-login.patch
Url: http://lists.busybox.net/pipermail/busybox/attachments/20060222/751af06e/attachment.diff 