When using PAM services such as login, su, sudo, polkit-1, sshd, gdm-password, PAM will perform a manual domain transition with the new security context selected as the default security context. The default security context is configurable. The general configuration file is /etc/selinux/omarine/contexts/default_contexts and the configuration files for specific SELinux users are located in the /etc/selinux/omarine/contexts/users directory.
If we configure the default security contexts in the file /etc/selinux/omarine/contexts/default_contexts then PAM may be confused as it chooses the first context in a context list taken from the configuration file. Hence the safe way is to configure the default security contexts in the files in /etc/selinux/omarine/contexts/users directory for each specific SELinux user.
For example, when we run pkexec command of polkit to execute a program as the root user, the configuration file /etc/selinux/omarine/contexts/users/root will be used to get the default security context for the root user.
The type of the pkexec program file is pkexec_exec_t (this is an Omarine-specific type)
If pkexec is run by an administrator then the domain of pkexec will be staff_pkexec_t. For root and normal users are sysadm_pkexec_t and user_pkexec_t, respectively. We configure the default security contexts as follows
sudo tee -a /etc/selinux/omarine/contexts/users/root << EOF staff_r:staff_pkexec_t:s0 sysadm_r:sysadm_t:s0 sysadm_r:sysadm_pkexec_t:s0 sysadm_r:sysadm_t:s0 user_r:user_pkexec_t:s0 sysadm_r:sysadm_t:s0 EOF
All three different situations of the users running the pkexec command lead to the context part sysadm_r:sysadm_t:s0, which is the basis for the default security context of the process of the program that pkexec executes as root.
The third situation, when a normal user runs pkexec, the configuration is just to explain the execution permission. Normal users are not allowed to run pkexec like that because the role user_r is not allowed to switch to sysadm_r.
We know that pkexec has the same function as su. The above configuration is in line with the general admin rule that only the administrators and root have the permissions to run su and sudo. However, the functionality of pkexec is broader than that of su in the administration context, a normal user can use pkexec to execute a program as another normal user. This detail is shown in the configuration file /etc/selinux/omarine/contexts/users/user_u.
Contact: tuyen@omarine.org
Comments
balanceluxuryrehab 2 years, 3 months ago
http://images.google.ca/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
Link | Replyhttp://www.google.ca/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.com.hk/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.nl/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.co.in/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.ru/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.pl/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.com.au/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.com.tw/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.co.id/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.ch/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.ch/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://maps.google.ch/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.be/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://maps.google.be/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://maps.google.cz/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.co.th/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.com.ua/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.com.tr/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.com.mx/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.dk/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.hu/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.fi/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.co.nz/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.co.nz/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://maps.google.co.nz/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.com.vn/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.pt/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.ro/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.com.my/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.co.za/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.com.sg/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://maps.google.co.il/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.cl/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.ie/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://maps.google.sk/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.com.pe/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://maps.google.ae/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.com.pk/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://images.google.com.co/url?sa=t&url=http%3A%2F%2Fbalanceluxuryrehab.com
http://www.google.com.co/url?sa=t&url=http%3A%2
air cleaner singapore 2 years, 3 months ago
hi!,I love your writing so much! proportion we be in contact more
Link | Replyapproximately your article on AOL? I need an expert on this area to
unravel my problem. Maybe that is you! Looking forward to see you.
หวย 2 years, 3 months ago
Thank you for the auspicious writeup. It in fact was a amusement account it.
Link | ReplyLook advanced to far added agreeable from you! By the way, how could we communicate?
หวยเด็ด 2 years, 3 months ago
I know this web site provides quality dependent content and other material,
Link | Replyis there any other website which provides these kinds
of information in quality?
купить коттедж Минск Беларусь 2 years, 3 months ago
It's great that you are getting thoughts from this piece of
Link | Replywriting as well as from our argument made at this time.
Softwasherz 2 years, 3 months ago
Hi there to all, how is all, I think every one is getting more from this web site,
Link | Replyand your views are pleasant in support of new visitors.
slot 2 years, 3 months ago
Very shortly this web pragmatic will be famous among
Link | Replyall slot people, due to it's nice posts
Dưỡng Da 2 years, 3 months ago
I am now not certain the place you're getting your info, however good topic.
Link | ReplyI needs to spend a while finding out more or figuring out more.
Thanks for excellent information I was looking for this information for my mission.
panthers jerseys 2 years, 3 months ago
If some one desires to be updated with newest technologies afterward he
Link | Replymust be visit this web page and be up to date all the time.
Hoc tieng Duc 2 years, 3 months ago
I was suggested this website by my cousin. I am not sure whether
Link | Replythis post is written by him as nobody else know such detailed
about my trouble. You're amazing! Thanks!
human hair wigs 2 years, 3 months ago
I do accept as true with all the ideas you have offered to your post.
Link | ReplyThey're very convincing and will certainly work.
Nonetheless, the posts are very short for beginners. May you
please lengthen them a little from subsequent time?
Thank you for the post.
slot online 2 years, 3 months ago
certainly like your web slot online but you need to take a look at the spelling on quite
Link | Replya few of your posts. Many of them are rife with spelling problems and I in finding it very bothersome to tell the truth on the other hand I will certainly come
back again.
tengsu 2 years, 3 months ago
Wow! This blog looks exactly like my old one!
Link | ReplyIt's on a completely different subject but it has pretty much the same layout and design. Wonderful
choice of colors!
togel sydñey 2020 2 years, 3 months ago
Keep on working, great job!
Link | ReplyCharley 2 years, 3 months ago
An impressive share! I've just forwarded this onto a friend who was conducting a little homework on this.
Link | ReplyAnd he in fact bought me breakfast due to the fact that I found
it for him... lol. So allow me to reword this....
Thank YOU for the meal!! But yeah, thanx for spending the time to talk about this matter
here on your internet site.
Finance 2 years, 3 months ago
I think the admin of this web site is truly working
Link | Replyhard in support of his web page, for the reason that here every data is quality
based data.
Lizette 2 years, 3 months ago
Highly descriptive post, I loved that a lot. Will there be
Link | Replya part 2?
Kristin 2 years, 3 months ago
Someone necessarily lend a hand to make significantly articles I would state.
Link | ReplyThis is the first time I frequented your website page and so far?
I amazed with the research you made to make this particular post amazing.
Magnificent activity!
http://www.magcloud.com/user/thraneyildiz7 2 years, 3 months ago
Appreciate this post. Will try it out.
Link | Replywikiartesania.cl 2 years, 3 months ago
You have made some good points there. I checked on the internet for more information about the issue and found most people will go along with your views on this site.
Link | ReplyValorie 2 years, 3 months ago
Keep on working, great job!
Link | Replydepositpulsa 2 years, 3 months ago
Thank you a lot for sharing this with all of us you really recognize what you're talking about!
Link | ReplyBookmarked. Kindly additionally discuss with my site
=). We could have a link trade contract among us
หวย 2 years, 3 months ago
Definitely believe that which you said. Your favorite reason appeared to be on the internet
Link | Replythe simplest thing to be aware of. I say to you, I certainly get irked while
people think about worries that they just do not know about.
You managed to hit the nail upon the top and also defined
out the whole thing without having side-effects , people could take a signal.
Will likely be back to get more. Thanks
หวย 2 years, 3 months ago
Hi! I've been reading your weblog for a long time now and finally
Link | Replygot the courage to go ahead and give you a shout out from Kingwood Tx!
Just wanted to say keep up the excellent work!
หวย 2 years, 3 months ago
Good day! This is kind of off topic but I need some advice from an established blog.
Link | ReplyIs it hard to set up your own blog? I'm not very techincal but
I can figure things out pretty quick. I'm thinking about making my own but I'm
not sure where to begin. Do you have any tips or suggestions?
Appreciate it
free credit card number and cvv with money 2 years, 3 months ago
Hi to all, the contents existing at this site
Link | Replyare truly amazing for people experience, well, keep up the nice work fellows.
หวยเด็ด 2 years, 3 months ago
It is the best time to make some plans for the future and it's time to be happy.
Link | ReplyI have read this submit and if I may I want to counsel you few fascinating issues
or advice. Perhaps you could write next articles referring to this
article. I want to read more issues approximately it!
Bola Online 2 years, 2 months ago
Wow, awesome blog layout! How long have you been blogging for?
Link | Replyyou make blogging look easy. The overall look of your web site is magnificent, let alone the content!
best university in indonesia 2 years, 2 months ago
My partner and I stumbled over here coming from a different web address and thought I may as well
Link | Replycheck things out. I like what I see so now i
am following you. Look forward to exploring your web page for
a second time.
New Comment