From: russell@coker.com.au (Russell Coker)
Date: Fri, 21 Apr 2017 23:09:17 +1000
Subject: [refpolicy] [PATCH] login related stuff take 2
In-Reply-To:
References: <20170421091025.kwn5wmevhmoyidj3@athena.coker.com.au> <201704212220.12482.russell@coker.com.au>
Message-ID: <201704212309.17733.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 21 Apr 2017 10:30:12 PM Guido Trentalancia via refpolicy wrote:
> >> +auth_login_pgm_domain(sulogin_t)
> >> +kernel_read_crypto_sysctls(sulogin_t)
> >> +selinux_set_generic_booleans(sulogin_t)
> >>
> >> What usage need this access?
> >
> >Just the sulogin program.
>
> I also have the sulogin program, it comes from sysvinit, but it doesn't
> require the above dangerous permissions...

Mine comes from util-linux. Again I don't think there's a benefit in stopping
sulogin from doing things directly when it is permitted to run
"sh -c setsebool" for the same result. If you were going to try and exploit
sulogin would you try and trick the executable into using the SE Linux API
calls or would you aim for system("setsebool...")?

> >Can you please configure your MUA to put "> " at the start of every quoted
> >line? It makes it very difficult to read if you don't differentiate the
> >quoted text from what you write.
> >
> >If necessary just type "> " at the start of every line you quote.
>
> I read the message from Christian correctly. There is no line separation
> between quoted and non-quoted text, but apart from that the quoted text
> appears correctly marked. Strange problem...

Maybe you are reading the HTML version.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
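
Review bot: selinux_set_generic_booleans(sulogin_t) is added unconditionally and with no comment saying what in sulogin needs to change booleans. The thread shows the requirement differs by implementation (util-linux versus sysvinit), so the rule should carry a comment naming the util-linux sulogin behaviour that needs it, and the same applies to kernel_read_crypto_sysctls(sulogin_t); without that, a later reader of the policy cannot tell whether these grants are still required.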