Archives
Archives
| From: | Sven Vermeulen <sven.vermeulen@××××××.be> | ||
|---|---|---|---|
| To: | gentoo-hardened@l.g.o | ||
| Subject: | Re: [gentoo-hardened] SELinux (strict policy) and ssh | ||
| Date: | Sun, 14 Nov 2010 20:25:07 | ||
| Message-Id: | 20101114202343.GA28621@siphos.be | ||
| In Reply to: | [gentoo-hardened] SELinux (strict policy) and ssh by luc nac |
||
| 1 | On Sun, Nov 14, 2010 at 01:40:12PM +0100, luc nac wrote: |
| 2 | > Is it right that I can still login (or switch to the sysadm_r role) |
| 3 | > via ssh to that machine even if the boolean "ssh_sysadm_login" is set |
| 4 | > "off"? |
| 5 | |
| 6 | Yes, the boolean only ensures that users cannot immediately log on (through |
| 7 | SSH) in the sysadm_r role. Once they are logged on, they can always use |
| 8 | newrole. |
| 9 | |
| 10 | wkr, |
| 11 | Sven Vermeulen |