authorTomas Mraz <tm@t8m.info>2007-06-15 10:17:22 +0000
committerTomas Mraz <tm@t8m.info>2007-06-15 10:17:22 +0000
commit6fdbb8b07e9405d3748c32a9b7906c73b95ccef5 (patch)
tree77dfefd2502b860f21fbbfb24d7595b80cd291eb /modules/pam_selinux/pam_selinux.8.xml
parentb3644707da87d61559f8322771a88d2162a47a4e (diff)
Relevant BUGIDs:
Purpose of commit: new feature

Commit summary:
---------------
2007-06-15 Tomas Mraz <t8m@centrum.cz>

* modules/pam_selinux/pam_selinux.8.xml: Remove multiple option, add select_context and use_current_range options.
* modules/pam_selinux/pam_selinux.c (send_audit_message): Added function for auditing role/level changes.
(query_response): Add default response.
(select_context): Removed.
(manual_context): Query only role and level.
(mls_range_allowed): Added function for range check.
(config_context): Added function for role and level override.
(pam_sm_open_session): Remove multiple option, add select_context and use_current_range options. Use getseuserbyname to obtain SELinux user and level. Audit role/level changes. Call setkeycreatecon to assign key creation context. Don't fail on errors when SELinux is not in enforcing mode.
Diffstat (limited to 'modules/pam_selinux/pam_selinux.8.xml')
-rw-r--r--modules/pam_selinux/pam_selinux.8.xml39
1 files changed, 26 insertions, 13 deletions
diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml
index 1f00f082..3acd1322 100644
--- a/modules/pam_selinux/pam_selinux.8.xml
+++ b/modules/pam_selinux/pam_selinux.8.xml
@@ -25,9 +25,6 @@
debug
</arg>
<arg choice="opt">
- multiple
- </arg>
- <arg choice="opt">
open
</arg>
<arg choice="opt">
@@ -36,6 +33,12 @@
<arg choice="opt">
verbose
</arg>
+ <arg choice="opt">
+ select_context
+ </arg>
+ <arg choice="opt">
+ use_current_range
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -93,43 +96,53 @@
</varlistentry>
<varlistentry>
<term>
- <option>multiple</option>
+ <option>open</option>
</term>
<listitem>
<para>
- Tells pam_selinux.so to allow the user to select the
- security context they will login with, if the user has
- more than one role.
+ Only execute the open_session portion of the module.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>open</option>
+ <option>nottys</option>
</term>
<listitem>
<para>
- Only execute the open_session portion of the module.
+ Do not try to setup the ttys security context.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>nottys</option>
+ <option>verbose</option>
</term>
<listitem>
<para>
- Do not try to setup the ttys security context.
+ attempt to inform the user when security context is set.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>verbose</option>
+ <option>select_context</option>
</term>
<listitem>
<para>
- attempt to inform the user when security context is set.
+ Attempt to ask the user for a custom security context role.
+ If MLS is on ask also for sensitivity level.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>use_current_range</option>
+ </term>
+ <listitem>
+ <para>
+ Use the sensitivity range of the process for the user context.
+ This option and the select_context option are mutually exclusive.
</para>
</listitem>
</varlistentry>