From: justinmattock@yahoo.com (Justin P. Mattock) Date: Fri, 16 Sep 2011 09:11:40 -0700 Subject: [refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned In-Reply-To: <4E737223.1060601@redhat.com> References: <1316144432.85313.YahooMailNeo@web114304.mail.gq1.yahoo.com> <4E736453.8000506@redhat.com> <4E7369AF.3000709@yahoo.com> <4E737223.1060601@redhat.com> Message-ID: <4E73753C.3000809@yahoo.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/16/2011 08:58 AM, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 09/16/2011 11:22 AM, Justin P. Mattock wrote: >> On 09/16/2011 07:59 AM, Daniel J Walsh wrote: >>> ps -eZ |grep sshd >> I dont have sshd running, but here is ps auxZ to give you an idea >> of what I am seeing: http://fpaste.org/u6IB/ >> >> if I adjust /etc/pam.d/login and add select_context to >> pam_selinux.so then do init 3 in lilo I am able to have the >> context justin:staff_r:staff_t:s0 the way it should. but as soon >> as I init 5 gdm starts up, and everything goes back to >> name:staff_r:insmod_t:s0 >> >> I think I am either missing a boolean to have the transisiton >> runing properly, and/or pam.d or some config file somewhere needs >> to be adjusted. keep in mind refpolicy has no patches added to >> it(not sure if I need any for systemd), just plain git pull >> etc... >> >> Justin P. Mattock > Well since you don't have a init_t running, I think your problem > starts there. Looks like your system is badly mislabeled or something > in init is broken. I take it this is not a Red Hat Based OS? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk5zciMACgkQrlYvE4MpobOs4wCcD/KSvuhb5GxhPCZcMEDGI1dD > X70AnR2OLyUzsaLlDRmP0jm7ABwzFHBj > =aH02 > -----END PGP SIGNATURE----- the system is fedora 15 nothing tweaked on it. just refpolicy from git targeted form fedora works fine, just thought I would give refpolicy-git a try. think I need to read up on systemd ls -Z /lib/systemd looks like this: http://fpaste.org/WOFw/ wondering if maybe /etc/security/pam_env.conf is capable of putting me into the right context, but then again if this is just a label issue, then pam_env.conf is not touched. Justin P. Mattock -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20110916/38c817a7/attachment-0001.html