From: dwalsh@redhat.com (Daniel J Walsh) Date: Fri, 16 Sep 2011 10:59:31 -0400 Subject: [refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned In-Reply-To: <1316144432.85313.YahooMailNeo@web114304.mail.gq1.yahoo.com> References: <1316144432.85313.YahooMailNeo@web114304.mail.gq1.yahoo.com> Message-ID: <4E736453.8000506@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/15/2011 11:40 PM, Justin Mattock wrote: > I know this may seem stupid, but why is SELinux PAM transitioning > me like this? > > Sep 15 20:25:48 Linux-2 pam: gdm-password[957]: > pam_selinux(gdm-password:session): Open Session Sep 15 20:25:48 > Linux-2 pam: gdm-password[957]: pam_selinux(gdm-password:session): > Open Session Sep 15 20:25:48 Linux-2 pam: gdm-password[957]: > pam_selinux(gdm-password:session): Username= justin SELinux User = > justin Level= s0 Sep 15 20:25:48 Linux-2 pam: gdm-password[957]: > pam_selinux(gdm-password:session): Security Context > justin:staff_r:insmod_t:s0 Assigned Sep 15 20:25:48 Linux-2 pam: > gdm-password[957]: pam_selinux(gdm-password:session): set justin > security context to justin:staff_r:insmod_t:s0 Sep 15 20:25:48 > Linux-2 pam: gdm-password[957]: pam_selinux(gdm-password:session): > Key Creation Context justin:staff_r:insmod_t:s0 Assigned Sep 15 > 20:25:48 Linux-2 pam: gdm-password[957]: > pam_selinux(gdm-password:session): set justin key creation context > to justin:staff_r:insmod_t:s0 Sep 15 20:25:48 Linux-2 pam: > gdm-password[957]: pam_unix(gdm-password:session): session opened > for user justin by (uid=0) > > > I have had this in the past with other systems, but a relabel has > always resolved this., now with using fedora 15 seems I have no > idea! any ideas on what I may need to check? boolean? > > Justin P. Mattock > > _______________________________________________ refpolicy mailing > list refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy What is the context of the login program. ps -eZ |grep sshd For example. The code asks what context to log in justin at based on its current context. If the login program has a bizare context like unconfined_t or initrc_t the code can get confused. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5zZFMACgkQrlYvE4MpobNmCACfRirK7RP5I1rQPy193KZAapl9 droAoK8wKjd9xgB+p5QSmueukch3ZUha =1iP6 -----END PGP SIGNATURE-----