From: dwalsh@redhat.com (Daniel J Walsh)
Date: Sat, 13 Feb 2010 07:22:19 -0500
Subject: [refpolicy] system_authlogin.patch
In-Reply-To: <1266005173.11004.21.camel@gorn.columbia.tresys.com>
References: <4AFC8737.7030604@redhat.com>
	<1266005173.11004.21.camel@gorn.columbia.tresys.com>
Message-ID: <4B76997B.6050804@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/12/2010 03:06 PM, Christopher J. PeBenito wrote:
> On Thu, 2009-11-12 at 17:07 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F12/system_authlogin.patch
>>
>> Lots of new authlogin policy.
> 
> I like the idea of having interfaces for using pam, but I'm hesitant
> because each program's usage of pam can vary based on the pam.d entries.
> 
Yes, and I think we could add a series of booleans to allow people to tighten this up.  
I guess this comes down to an argument between least privs and just make the damn thing work.