diff options
author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 17:53:41 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 18:17:08 -0800 |
commit | 212b52cf29c06cc209bc8ac0540dbab1acdf1464 (patch) | |
tree | 58da0bf39f5c4122e4a1b4da20fdeea52b97a671 /modules/pam_selinux/README | |
parent | 9c52e721044e7501c3d4567b36d222dc7326224a (diff) | |
parent | 56c8282d128fb484ffc77dff73abf42229b291d3 (diff) |
New upstream version 1.1.0
Diffstat (limited to 'modules/pam_selinux/README')
-rw-r--r-- | modules/pam_selinux/README | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/modules/pam_selinux/README b/modules/pam_selinux/README index 9e841f2e..67217905 100644 --- a/modules/pam_selinux/README +++ b/modules/pam_selinux/README @@ -48,10 +48,21 @@ select_context Attempt to ask the user for a custom security context role. If MLS is on ask also for sensitivity level. +env_params + + Attempt to obtain a custom security context role from PAM environment. If + MLS is on obtain also sensitivity level. This option and the select_context + option are mutually exclusive. The respective PAM environment variables are + SELINUX_ROLE_REQUESTED, SELINUX_LEVEL_REQUESTED, and + SELINUX_USE_CURRENT_RANGE. The first two variables are self describing and + the last one if set to 1 makes the PAM module behave as if the + use_current_range was specified on the command line of the module. + use_current_range - Use the sensitivity range of the process for the user context. This option - and the select_context option are mutually exclusive. + Use the sensitivity level of the current process for the user context + instead of the default level. Also suppresses asking of the sensitivity + level from the user or obtaining it from PAM environment. EXAMPLES |