User: Password:
Subscribe / Log in / New account

Shadow hardening

Shadow hardening

Posted Mar 22, 2012 17:08 UTC (Thu) by jake (editor, #205)
In reply to: Shadow hardening by dpquigl
Parent article: Shadow hardening

> I don't see anything in the description here that makes hardened-shadow
> incompatible with SELinux.

Maybe I misunderstood, but I thought the problem wasn't so much policy as it was getting the tcb/hardened-shadows changes working with pam_selinux (or the SELinux changes working with the PAM modules for the others).


(Log in to post comments)

Shadow hardening

Posted Mar 22, 2012 22:08 UTC (Thu) by dpquigl (guest, #52852) [Link]

Are they completely getting rid of /etc/passwd? I don't believe pam_selinux actually looks at the shadow file at all. I believe it takes the user name and figures out the SELinux user from that and chooses the login context properly. I don't see how breaking out shadow would change that. I'll take a look into it. I haven't looked at how either of the projects work yet but my first concern would be that the shadow files just aren't label properly. Any links to the actual projects so I can check them out when I get home?

Shadow hardening

Posted Mar 22, 2012 22:12 UTC (Thu) by dpquigl (guest, #52852) [Link]

Bleh wish I had that edit key. I meant to ask if there are examples of getting this going on Fedora or something like that. That would probably be the best place to test SELinux integration.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds