author | Tomas Mraz <tm@t8m.info> | 2007-06-15 10:17:22 +0000 |
---|---|---|
committer | Tomas Mraz <tm@t8m.info> | 2007-06-15 10:17:22 +0000 |
commit | 6fdbb8b07e9405d3748c32a9b7906c73b95ccef5 (patch) | |
tree | 77dfefd2502b860f21fbbfb24d7595b80cd291eb /modules/pam_selinux/pam_selinux.8.xml | |
parent | b3644707da87d61559f8322771a88d2162a47a4e (diff) | |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>
* modules/pam_selinux/pam_selinux.8.xml: Remove multiple option,
add select_context and use_current_range options.
* modules/pam_selinux/pam_selinux.c (send_audit_message): Added
function for auditing role/level changes.
(query_response): Add default response.
(select_context): Removed.
(manual_context): Query only role and level.
(mls_range_allowed): Added function for range check.
(config_context): Added function for role and level override.
(pam_sm_open_session): Remove multiple option, add select_context
and use_current_range options. Use getseuserbyname to obtain
SELinux user and level. Audit role/level changes. Call setkeycreatecon
to assign key creation context. Don't fail on errors when SELinux
is not in enforcing mode.
Diffstat (limited to 'modules/pam_selinux/pam_selinux.8.xml')
-rw-r--r-- | modules/pam_selinux/pam_selinux.8.xml | 39 |
1 files changed, 26 insertions, 13 deletions
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml index 1f00f082..3acd1322 100644 --- a/modules/pam_selinux/pam_selinux.8.xml +++ b/modules/pam_selinux/pam_selinux.8.xml @@ -25,9 +25,6 @@ debug </arg> <arg choice="opt"> - multiple - </arg> - <arg choice="opt"> open </arg> <arg choice="opt"> @@ -36,6 +33,12 @@ <arg choice="opt"> verbose </arg> + <arg choice="opt"> + select_context + </arg> + <arg choice="opt"> + use_current_range + </arg> </cmdsynopsis> </refsynopsisdiv> @@ -93,43 +96,53 @@ </varlistentry> <varlistentry> <term> - <option>multiple</option> + <option>open</option> </term> <listitem> <para> - Tells pam_selinux.so to allow the user to select the - security context they will login with, if the user has - more than one role. + Only execute the open_session portion of the module. </para> </listitem> </varlistentry> <varlistentry> <term> - <option>open</option> + <option>nottys</option> </term> <listitem> <para> - Only execute the open_session portion of the module. + Do not try to setup the ttys security context. </para> </listitem> </varlistentry> <varlistentry> <term> - <option>nottys</option> + <option>verbose</option> </term> <listitem> <para> - Do not try to setup the ttys security context. + attempt to inform the user when security context is set. </para> </listitem> </varlistentry> <varlistentry> <term> - <option>verbose</option> + <option>select_context</option> </term> <listitem> <para> - attempt to inform the user when security context is set. + Attempt to ask the user for a custom security context role. + If MLS is on ask also for sensitivity level. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>use_current_range</option> + </term> + <listitem> + <para> + Use the sensitivity range of the process for the user context. + This option and the select_context option are mutually exclusive. </para> </listitem> </varlistentry> |
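Review bot: In the synopsis hunk (@@ -25,9 +25,6 @@) `multiple` is dropped with no migration hint anywhere in the man page. Administrators whose PAM stacks still pass `multiple` get no guidance from the documentation; if `select_context` is the intended replacement, add a sentence to the options section saying that `multiple` was removed and naming its successor.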
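Review bot: The two `<arg choice="opt">` entries added in the second synopsis hunk (@@ -36,6 +33,12 @@) present `select_context` and `use_current_range` as independent optional arguments, while the description added further down says they are mutually exclusive. Consider wrapping the pair in a `<group choice="opt">` so the rendered synopsis shows them as alternatives rather than as options that can be combined.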
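Review bot: In the options list hunk (@@ -93,43 +96,53 @@) the mutual exclusivity is documented only under `use_current_range`; the `select_context` entry should state it as well, and one of the two should say what the module does when both are given. Two wording points in the same hunk: "If MLS is on ask also for sensitivity level." reads better as "If MLS is enabled, also ask for the sensitivity level.", and "the sensitivity range of the process" should say which process is meant. The moved `verbose` text still begins with a lowercase "attempt" while the new entries are capitalized.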