[refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned

Daniel J Walsh dwalsh at redhat.com
Fri Sep 16 09:59:31 CDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/15/2011 11:40 PM, Justin Mattock wrote:
> I know this may seem stupid, but why is SELinux PAM transitioning
> me like this?
> 
> Sep 15 20:25:48 Linux-2 pam: gdm-password[957]:
> pam_selinux(gdm-password:session): Open Session Sep 15 20:25:48
> Linux-2 pam: gdm-password[957]: pam_selinux(gdm-password:session):
> Open Session Sep 15 20:25:48 Linux-2 pam: gdm-password[957]:
> pam_selinux(gdm-password:session): Username= justin SELinux User =
> justin Level= s0 Sep 15 20:25:48 Linux-2 pam: gdm-password[957]:
> pam_selinux(gdm-password:session): Security Context
> justin:staff_r:insmod_t:s0 Assigned Sep 15 20:25:48 Linux-2 pam:
> gdm-password[957]: pam_selinux(gdm-password:session): set justin
> security context to justin:staff_r:insmod_t:s0 Sep 15 20:25:48
> Linux-2 pam: gdm-password[957]: pam_selinux(gdm-password:session):
> Key Creation Context justin:staff_r:insmod_t:s0 Assigned Sep 15
> 20:25:48 Linux-2 pam: gdm-password[957]:
> pam_selinux(gdm-password:session): set justin key creation context
> to justin:staff_r:insmod_t:s0 Sep 15 20:25:48 Linux-2 pam:
> gdm-password[957]: pam_unix(gdm-password:session): session opened
> for user justin by (uid=0)
> 
> 
> I have had this in the past with other systems, but a relabel has
> always resolved this., now with using fedora 15 seems I have no
> idea! any ideas on what I may need to check? boolean?
> 
> Justin P. Mattock
> 
> _______________________________________________ refpolicy mailing
> list refpolicy at oss.tresys.com 
> http://oss.tresys.com/mailman/listinfo/refpolicy
What is the context of the login program.

ps -eZ |grep sshd

For example.

The code asks what context to log in justin at based on its current
context.  If the login program has a bizare context like unconfined_t
or initrc_t the code can get confused.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5zZFMACgkQrlYvE4MpobNmCACfRirK7RP5I1rQPy193KZAapl9
droAoK8wKjd9xgB+p5QSmueukch3ZUha
=1iP6
-----END PGP SIGNATURE-----


More information about the refpolicy mailing list