The default install of OpenSUSE includes an automatic login to the unprivileged user created during the install. Once selinux (current refpolicy via "git")is installed and boots up with automatic login, the user's context is
system_u:system_r:xdm_t
rather than what is shown in semanage -l login (for example, user_u:user_r:user_t).
However, when you log out and log back in, the context is correct.
If you build the OpenSUSE system without autologin, it enters the correct context when you first boot and log in.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100310/074c0434/attachment.html
On 03/10/2010 04:09 PM, Alan Rouse wrote:
> The default install of OpenSUSE includes an automatic login to the
> unprivileged user created during the install. Once selinux (current
> refpolicy via "git")is installed and boots up with automatic login,
> the user's context is
> system_u:system_r:xdm_t
> rather than what is shown in semanage -l login (for example,
> user_u:user_r:user_t).
> However, when you log out and log back in, the context is correct.
> If you build the OpenSUSE system without autologin, it enters the
> correct context when you first boot and log in.
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
You are not going through pam_selinux session.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100310/34ffc9e2/attachment.html
On Wed, 2010-03-10 at 16:21 -0500, Daniel J Walsh wrote:
> On 03/10/2010 04:09 PM, Alan Rouse wrote:
> > The default install of OpenSUSE includes an automatic login to the
> > unprivileged user created during the install. Once selinux (current
> > refpolicy via "git")is installed and boots up with automatic login,
> > the user's context is
> >
> > system_u:system_r:xdm_t
> >
> > rather than what is shown in semanage -l login (for example,
> > user_u:user_r:user_t).
> >
> > However, when you log out and log back in, the context is correct.
> >
> > If you build the OpenSUSE system without autologin, it enters the
> > correct context when you first boot and log in.
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > refpolicy mailing list
> > refpolicy at oss.tresys.com
> > http://oss.tresys.com/mailman/listinfo/refpolicy
> >
> You are not going through pam_selinux session.
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
I filled a bug report against suse on this:
https://bugzilla.novell.com/show_bug.cgi?id=582366
there I have login,xdm,gdm modified(hopefully correct),
are there other files in there that might be triggering
this autologin thing or do I have pam_selinux.so set wrong?
Justin P. Mattock