[refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned
Justin P. Mattock
justinmattock at yahoo.com
Fri Sep 16 11:24:39 CDT 2011
On 09/16/2011 09:02 AM, Guido Trentalancia wrote:
> On Fri, 2011-09-16 at 08:22 -0700, Justin P. Mattock wrote:
>> On 09/16/2011 07:59 AM, Daniel J Walsh wrote:
>>> ps -eZ |grep sshd
>> I dont have sshd running, but here is ps auxZ to give you an idea of
>> what I am seeing:
> Graphical environment is not running in the proper context.
> Not even init has transitioned properly to its own context.
>> if I adjust /etc/pam.d/login and add select_context to pam_selinux.so
>> then do init 3 in lilo I am able to have the context
>> justin:staff_r:staff_t:s0 the way it should. but as soon as I init 5
>> gdm starts up, and everything goes back to name:staff_r:insmod_t:s0
>> I think I am either missing a boolean to have the transisiton runing
> Why don't you post the booleans that you're using then:
> getsebool -a
> For example, what are you using for init ? If you're using upstart, have
> you set init_upstart=on ?
>> properly, and/or pam.d or some config file somewhere needs to be adjusted.
>> keep in mind refpolicy has no patches added to it(not sure if I need any
>> for systemd), just plain git pull etc...
> So are you using systemd for init ? There is a boolean called
> init_systemd which possibly is similar to the above mentioned one for
> Start from tackling init running in the kernel context and not
> transitioning to init_t. The rest might be mostly due to that: personal
>> Justin P. Mattock
looking more into fedora(s) structure of what they have:
/sbin/init -> ../bin/systemd
ls -lZ /sbin/init
lrwxrwxrwx. root root system_u:object_r:bin_t:s0 /sbin/init ->
[justin at Linux-2 ~]$ ls -lZ /bin/systemd
-rwxr-xr-x. root root system_u:object_r:init_exec_t:s0 /bin/systemd
using chcon on:
chcon system_u:object_r:init_exec_t:s0 /sbin/init
seems to not change this for whatever the reason. keep in mind I am not
sure how systemd runs or is setup.
Justin P. Mattock
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the refpolicy