Bug 119851 - SELinux FAQ - RH change to SELinux identity security
Product: Fedora Documentation
Classification: Fedora
Component: selinux-faq
All Linux
medium Severity medium
Assigned To: Karsten Wade
Tammy Fox
Blocks: 118757
Reported: 2004-04-02 12:01 EST by James Morris
Modified: 2007-04-18 13:05 EDT
Doc Type: Bug Fix
Last Closed: 2004-04-02 20:58:35 EST
Description James Morris 2004-04-02 12:01:16 EST
Description of change/FAQ addition.  If a change, include the original
text first, then the changed text:

We need to add an entry for this:

Version-Release of FAQ (found on

 selinux-faq-1.0-2 (2004-03-30-T16:20-0800)
Comment 1 Karsten Wade 2004-04-02 18:46:23 EST
This question is posed to follow the example where su is used with the
context transition prior to running useradd (i.e., the question "How
can I create a new Linux user account with the user's home directory
having the proper context?").

Here is the current proposed entry:

## begin

Q:. All of the other SELinux documentation states that the su command
will only change Linux identity not security role.

A:. The Fedora Core development team has taken a slightly different
direction than existing SELinux practice. Security context transitions
are now integrated into su via pam_selinux.

In practice, this is like combining the traditional su with the
SELinux newrole, as one step instead of two. 

## end
Comment 2 James Morris 2004-04-02 18:55:45 EST
I'd mention that we've done this to make it markedly simpler to use
the system, and that other forms of Unix identity change (e.g.
setuid(2)) do not cause an SELinux identity change.
Comment 3 Karsten Wade 2004-04-02 20:58:35 EST

Included in next build of the FAQ (1.0-3).
