LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Shadow hardening

Shadow hardening

Posted Mar 22, 2012 22:08 UTC (Thu) by dpquigl (subscriber, #52852)
In reply to: Shadow hardening by jake
Parent article: Shadow hardening

Are they completely getting rid of /etc/passwd? I don't believe pam_selinux actually looks at the shadow file at all. I believe it takes the user name and figures out the SELinux user from that and chooses the login context properly. I don't see how breaking out shadow would change that. I'll take a look into it. I haven't looked at how either of the projects work yet but my first concern would be that the shadow files just aren't label properly. Any links to the actual projects so I can check them out when I get home?

(Log in to post comments)

Shadow hardening

Posted Mar 22, 2012 22:12 UTC (Thu) by dpquigl (subscriber, #52852) [Link]

Bleh wish I had that edit key. I meant to ask if there are examples of getting this going on Fedora or something like that. That would probably be the best place to test SELinux integration.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds