From: Dennis Wronka <linuxweb@gmx.net>
To: Justin Mattock <justinmattock@gmail.com>
Cc: "SE-Linux" <selinux@tycho.nsa.gov>
Subject: Re: can't login in enforcing mode for some reason.
Date: Sat, 5 Sep 2009 15:15:17 +0800
Message-ID: <200909051515.20822.linuxweb@gmx.net>
In-Reply-To: <dd18b0c30909042230r3da58c1ay996b7f0fbac361d0@mail.gmail.com>
Is that on a regular distro or on your custom compile?
If the latter: Which getty are you using? I had serious problems with agetty,
but could get around those by switching to mingetty.
Also I think there are two versions of login, the one you're using may depend
on the compile-order. I think one is in the shadow-package and one is in
util-linux-ng. For a reason that I don't remember I think I am now using the one in
util-linux-ng.
> any ideas on why I'm hitting this:
>
> type=1106 audit(1252128138.800:242): user pid=5022 uid=0 auid=1000
> ses=12 subj=system_u:system_r:sysadm_t msg='op=PAM:session_close
> acct="name" exe="/bin/login" hostname=? addr=? terminal=/dev/tty1
> res=success'
> [ 4110.457610] type=1100 audit(1252128145.452:243): user pid=5468
> uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sysadm_t
> msg='op=PAM:authentication acct="name" exe="/bin/login" hostname=?
> addr=? terminal=/dev/tty1 res=success'
> [ 4110.460426] type=1101 audit(1252128145.452:244): user pid=5468
> uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sysadm_t
> msg='op=PAM:accounting acct="name" exe="/bin/login" hostname=? addr=?
> terminal=/dev/tty1 res=success'
> [ 4110.461260] type=1006 audit(1252128145.452:245): login pid=5468
> uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=13
> [ 4110.473666] type=2300 audit(1252128145.472:246): user pid=5468
> uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t msg='pam:
> default-context=name:sysadm_r:sysadm_t
> selected-context=name:sysadm_r:sysadm_t: exe="/bin/login" hostname=?
> addr=? terminal=tty1 res=success'
> [ 4110.473824] type=1105 audit(1252128145.472:247): user pid=5468
> uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t
> msg='op=PAM:session_open acct="name" exe="/bin/login" hostname=?
> addr=? terminal=/dev/tty1 res=success'
> [ 4110.474729] type=1103 audit(1252128145.472:248): user pid=5468
> uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t
> msg='op=PAM:setcred acct="name" exe="/bin/login" hostname=? addr=?
> terminal=/dev/tty1 res=success'
> [ 4110.474792] type=1112 audit(1252128145.472:249): user pid=5468
> uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t msg='op=login
> acct="name" exe="/bin/login" hostname=? addr=? terminal=/dev/tty1
> res=success'
> [ 4110.475448] type=1400 audit(1252128145.472:250): avc: denied {
> transition } for pid=5475 comm="login" path="/bin/bash" dev=sda3
> ino=204858 scontext=system_u:system_r:sysadm_t
> tcontext=name:sysadm_r:sysadm_t tclass=process
> [ 4110.476010] type=1400 audit(1252128145.472:250): avc: denied {
> rlimitinh } for pid=5475 comm="bash"
> scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t
> tclass=process
> [ 4110.476026] type=1400 audit(1252128145.472:250): avc: denied {
> siginh } for pid=5475 comm="bash" scontext=system_u:system_r:sysadm_t
> tcontext=name:sysadm_r:sysadm_t tclass=process
> [ 4110.476048] type=1400 audit(1252128145.472:250): avc: denied {
> noatsecure } for pid=5475 comm="bash"
> scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t
> tclass=process
> [ 4110.476096] type=1300 audit(1252128145.472:250): arch=c000003e
> syscall=59 success=yes exit=0 a0=616760 a1=7fffce1af800 a2=60a060 a3=0
> items=0 ppid=5468 pid=5475 auid=1000 uid=1000 gid=1000 euid=1000
> suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty1 ses=13
> comm="bash" exe="/bin/bash" subj=name:sysadm_r:sysadm_t key=(null)
>
>
> audit2allow shows this:
> allow sysadm_t self:process { siginh rlimitinh transition noatsecure };
>
> seems I had these three avc's fixed by removing securetty
> but for some reason these appeared again.
>
> any ideas would be helpful.
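
The `allow` line quoted above can be rebuilt from the four AVC records in the message. The following is an added example, not part of the original thread and not audit2allow's own code: it groups denials by source type, target type and class, and also lists the full contexts behind them, which differ in user and role even though the type is the same. The function names and the unwrapped sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four AVC denials quoted in the message, unwrapped
# to one record per line (quote markers and kernel timestamps removed).
SAMPLE = """\
type=1400 audit(1252128145.472:250): avc: denied { transition } for pid=5475 comm="login" path="/bin/bash" dev=sda3 ino=204858 scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t tclass=process
type=1400 audit(1252128145.472:250): avc: denied { rlimitinh } for pid=5475 comm="bash" scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t tclass=process
type=1400 audit(1252128145.472:250): avc: denied { siginh } for pid=5475 comm="bash" scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t tclass=process
type=1400 audit(1252128145.472:250): avc: denied { noatsecure } for pid=5475 comm="bash" scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t tclass=process
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)")

def parse_avc(text):
    """Yield (perms, scontext, tcontext, tclass) for each denial record."""
    for m in AVC_RE.finditer(text):
        yield m["perms"].split(), m["s"], m["t"], m["c"]

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def allow_rules(text):
    """Group denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for perms, s, t, c in parse_avc(text):
        grouped[(sel_type(s), sel_type(t), c)].update(perms)
    rules = []
    for (st, tt, c), perms in sorted(grouped.items()):
        target = "self" if st == tt else tt  # same type on both sides
        rules.append(f"allow {st} {target}:{c} {{ {' '.join(sorted(perms))} }};")
    return rules

def context_changes(text):
    """Return the distinct (scontext, tcontext) pairs behind the denials."""
    return sorted({(s, t) for _, s, t, _ in parse_avc(text)})
```

`allow_rules(SAMPLE)` yields the same rule as the quoted audit2allow output with the permissions sorted, and `context_changes(SAMPLE)` shows the single source and target context pair that all four denials share.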