[refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned

Justin P. Mattock justinmattock at yahoo.com
Fri Sep 16 11:11:40 CDT 2011


On 09/16/2011 08:58 AM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/16/2011 11:22 AM, Justin P. Mattock wrote:
>> On 09/16/2011 07:59 AM, Daniel J Walsh wrote:
>>> ps -eZ |grep sshd
>> I dont have sshd running, but here is ps auxZ to give you an idea
>> of what I am seeing: http://fpaste.org/u6IB/
>>
>> if I adjust /etc/pam.d/login and add select_context to
>> pam_selinux.so then do init 3 in lilo I am able to have the
>> context justin:staff_r:staff_t:s0  the way it should. but as soon
>> as I init 5 gdm starts up, and everything goes back to
>> name:staff_r:insmod_t:s0
>>
>> I think I am either missing a boolean to have the transisiton
>> runing properly, and/or pam.d or some config file somewhere needs
>> to be adjusted. keep in mind refpolicy has no patches added to
>> it(not sure if I need any for systemd), just plain git pull
>> etc...
>>
>> Justin P. Mattock
> Well since you don't have a init_t running, I think your problem
> starts there.  Looks like your system is badly mislabeled or something
> in init is broken.   I take it this is not a Red Hat Based OS?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk5zciMACgkQrlYvE4MpobOs4wCcD/KSvuhb5GxhPCZcMEDGI1dD
> X70AnR2OLyUzsaLlDRmP0jm7ABwzFHBj
> =aH02
> -----END PGP SIGNATURE-----
the system is fedora 15 nothing tweaked on it. just refpolicy from git 
targeted form fedora works fine,
just thought I would give refpolicy-git a try.

think I need to read up on systemd
ls -Z /lib/systemd looks like this:
http://fpaste.org/WOFw/

wondering if maybe /etc/security/pam_env.conf is capable of putting me 
into the right context, but then again if
this is just a label issue, then pam_env.conf is not touched.

Justin P. Mattock




-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20110916/38c817a7/attachment-0001.html 


More information about the refpolicy mailing list