[refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned

Guido Trentalancia guido at trentalancia.com
Fri Sep 16 11:02:45 CDT 2011


On Fri, 2011-09-16 at 08:22 -0700, Justin P. Mattock wrote:
> On 09/16/2011 07:59 AM, Daniel J Walsh wrote:
> > ps -eZ |grep sshd
> I dont have sshd running, but here is ps auxZ to give you an idea of 
> what I am seeing:
> http://fpaste.org/u6IB/

Graphical environment is not running in the proper context.

Not even init has transitioned properly to its own context.

> if I adjust /etc/pam.d/login and add select_context to pam_selinux.so 
> then do init 3 in lilo I am able to have the context
> justin:staff_r:staff_t:s0  the way it should. but as soon as I init 5 
> gdm starts up, and everything goes back to name:staff_r:insmod_t:s0
> 
> I think I am either missing a boolean to have the transisiton runing 

Why don't you post the booleans that you're using then:

getsebool -a

For example, what are you using for init ? If you're using upstart, have
you set init_upstart=on ?

> properly, and/or pam.d or some config file somewhere needs to be adjusted.
> keep in mind refpolicy has no patches added to it(not sure if I need any 
> for systemd), just plain git pull  etc...

So are you using systemd for init ? There is a boolean called
init_systemd which possibly is similar to the above mentioned one for
upstart.

Start from tackling init running in the kernel context and not
transitioning to init_t. The rest might be mostly due to that: personal
experience.

> Justin P. Mattock

Guido



More information about the refpolicy mailing list