From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 05 Mar 2009 12:18:34 -0500
Subject: [refpolicy] system_locallogin.patch
Message-ID: <49B0096A.9010200@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_locallogin.patch


Local login uses usb keys for login.

Add unconfined_shell_domtrans which contains a boolean to turn on and
off login as an unconfined user.

local_login now runs well as  a confined domain

sulogin calls getpw

sulogin will transition to unconfined_t on non MLS machines.


Redhat does not use pam for sulogin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmwCWoACgkQrlYvE4MpobORQACeOjGiOFiIgXfExi5f4Zt7aBFr
xswAnA4MJoZmSgCD33DC87dJvuqDms/O
=v2h9
-----END PGP SIGNATURE-----