2010-03-10 21:09:02

by alan.rouse

[permalink] [raw]
Subject: [refpolicy] Automatic login context

The default install of OpenSUSE includes an automatic login to the unprivileged user created during the install. Once selinux (current refpolicy via "git")is installed and boots up with automatic login, the user's context is

system_u:system_r:xdm_t

rather than what is shown in semanage -l login (for example, user_u:user_r:user_t).

However, when you log out and log back in, the context is correct.

If you build the OpenSUSE system without autologin, it enters the correct context when you first boot and log in.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100310/074c0434/attachment.html


2010-03-10 21:21:27

by Daniel Walsh

[permalink] [raw]
Subject: [refpolicy] Automatic login context

On 03/10/2010 04:09 PM, Alan Rouse wrote:
> The default install of OpenSUSE includes an automatic login to the
> unprivileged user created during the install. Once selinux (current
> refpolicy via "git")is installed and boots up with automatic login,
> the user's context is
> system_u:system_r:xdm_t
> rather than what is shown in semanage -l login (for example,
> user_u:user_r:user_t).
> However, when you log out and log back in, the context is correct.
> If you build the OpenSUSE system without autologin, it enters the
> correct context when you first boot and log in.
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
You are not going through pam_selinux session.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100310/34ffc9e2/attachment.html

2010-03-10 23:10:49

by Justin P. Mattock

[permalink] [raw]
Subject: [refpolicy] Automatic login context

On Wed, 2010-03-10 at 16:21 -0500, Daniel J Walsh wrote:
> On 03/10/2010 04:09 PM, Alan Rouse wrote:
> > The default install of OpenSUSE includes an automatic login to the
> > unprivileged user created during the install. Once selinux (current
> > refpolicy via "git")is installed and boots up with automatic login,
> > the user's context is
> >
> > system_u:system_r:xdm_t
> >
> > rather than what is shown in semanage -l login (for example,
> > user_u:user_r:user_t).
> >
> > However, when you log out and log back in, the context is correct.
> >
> > If you build the OpenSUSE system without autologin, it enters the
> > correct context when you first boot and log in.
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > refpolicy mailing list
> > refpolicy at oss.tresys.com
> > http://oss.tresys.com/mailman/listinfo/refpolicy
> >
> You are not going through pam_selinux session.
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


I filled a bug report against suse on this:
https://bugzilla.novell.com/show_bug.cgi?id=582366
there I have login,xdm,gdm modified(hopefully correct),
are there other files in there that might be triggering
this autologin thing or do I have pam_selinux.so set wrong?

Justin P. Mattock