From mboxrd@z Thu Jan 1 00:00:00 1970 Subject: Re: Wrong context for user From: Stephen Smalley To: "c.r.madhusudhanan@gmail.com" Cc: dwalsh@redhat.com, SELinux@tycho.nsa.gov In-Reply-To: <1309528564.31276.26.camel@moss-pluto> References: <1308920243.15355.55.camel@moss-pluto> <1308924690.15355.72.camel@moss-pluto> <1309528564.31276.26.camel@moss-pluto> Content-Type: text/plain; charset="UTF-8" Date: Fri, 01 Jul 2011 12:17:37 -0400 Message-ID: <1309537057.31276.28.camel@moss-pluto> Mime-Version: 1.0 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Fri, 2011-07-01 at 09:56 -0400, Stephen Smalley wrote: > On Fri, 2011-06-24 at 14:44 +0000, c.r.madhusudhanan@gmail.com wrote: > > Thanks Daniel, Stephen. > > > > I am able to get init_t, local_login_t for init, and login > > respectively. > > The mistake was tat I missed relabeling the file system, so all the > > executable was in the type file_t. > > > > But it looks my problem still remains somehow, so that when I try > > login it still shows me wrong domain/type. > > > > When I login using 'login' (tty1), the context shows as > > user_u:user_r:chkpwd_t and when I check in the X (auto login to user > > 'meego' using 'uxlaunch') shows as user_u:user_r:consoletype_t. > > > > Attached is the "ps -aeZ" after relabeling the system. > > Going back to this ps output, I think you'll need some policy changes to > support MeeGo's uxlaunch approach to starting a user desktop. You need > uxlaunch to transition into a domain suitable for user login like xdm_t > (used for gdm/xdm/kdm) rather than running in init_t or we won't get the > expected transitions for user domains. And given that, you might want to take this conversation over to the refpolicy list as it becomes a policy configuration issue for MeeGo. http://oss.tresys.com/mailman/listinfo/refpolicy -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.