From: Dennis Wronka <linuxweb@gmx.net>
To: "Justin P. Mattock" <justinmattock@gmail.com>
Cc: "SE-Linux" <selinux@tycho.nsa.gov>
Subject: Re: can't login in enforcing mode for some reason.
Date: Sat, 5 Sep 2009 15:51:48 +0800
Message-ID: <200909051551.51420.linuxweb@gmx.net>
In-Reply-To: <4AA21485.9020102@gmail.com>
As said, try out mingetty, it solved a lot of problems I had.
> man I have never seen such an issue
> (things are all messed up).
>
> I just put in the util-linux package to see, but still
> something's not right.
>
> seems the contexts are not going to the appropriate location, e.g.
> with ps auxZ I see agetty as:
> system_u:system_r:sysadm_t
> (which is not correct)
> if I leave the default_contexts alone I login as:
> id -Z
> name:sysadm_r:sysadm_t
> (should be user_r)
>
> I'll have a look at mingetty and so forth.
>
> Dennis Wronka wrote:
> > Is that on a regular distro or on your custom compile?
> >
> > If the latter: Which getty are you using? I had serious problems with
> > agetty, but could get around those by switching to mingetty.
> >
> > Also I think there are two versions of login, the one you're using may
> > depend on the compile-order. I think one is in the shadow-package and one
> > is in util-linux-ng. For a reason that I don't remember I think I am now
> > using the one in util-linux-ng.
> >
> >> any ideas on why I'm hitting this:
> >>
> >> type=1106 audit(1252128138.800:242): user pid=5022 uid=0 auid=1000
> >> ses=12 subj=system_u:system_r:sysadm_t msg='op=PAM:session_close
> >> acct="name" exe="/bin/login" hostname=? addr=? terminal=/dev/tty1
> >> res=success'
> >> [ 4110.457610] type=1100 audit(1252128145.452:243): user pid=5468
> >> uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sysadm_t
> >> msg='op=PAM:authentication acct="name" exe="/bin/login" hostname=?
> >> addr=? terminal=/dev/tty1 res=success'
> >> [ 4110.460426] type=1101 audit(1252128145.452:244): user pid=5468
> >> uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sysadm_t
> >> msg='op=PAM:accounting acct="name" exe="/bin/login" hostname=? addr=?
> >> terminal=/dev/tty1 res=success'
> >> [ 4110.461260] type=1006 audit(1252128145.452:245): login pid=5468
> >> uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=13
> >> [ 4110.473666] type=2300 audit(1252128145.472:246): user pid=5468
> >> uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t msg='pam:
> >> default-context=name:sysadm_r:sysadm_t
> >> selected-context=name:sysadm_r:sysadm_t: exe="/bin/login" hostname=?
> >> addr=? terminal=tty1 res=success'
> >> [ 4110.473824] type=1105 audit(1252128145.472:247): user pid=5468
> >> uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t
> >> msg='op=PAM:session_open acct="name" exe="/bin/login" hostname=?
> >> addr=? terminal=/dev/tty1 res=success'
> >> [ 4110.474729] type=1103 audit(1252128145.472:248): user pid=5468
> >> uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t
> >> msg='op=PAM:setcred acct="name" exe="/bin/login" hostname=? addr=?
> >> terminal=/dev/tty1 res=success'
> >> [ 4110.474792] type=1112 audit(1252128145.472:249): user pid=5468
> >> uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t msg='op=login
> >> acct="name" exe="/bin/login" hostname=? addr=? terminal=/dev/tty1
> >> res=success'
> >> [ 4110.475448] type=1400 audit(1252128145.472:250): avc: denied {
> >> transition } for pid=5475 comm="login" path="/bin/bash" dev=sda3
> >> ino=204858 scontext=system_u:system_r:sysadm_t
> >> tcontext=name:sysadm_r:sysadm_t tclass=process
> >> [ 4110.476010] type=1400 audit(1252128145.472:250): avc: denied {
> >> rlimitinh } for pid=5475 comm="bash"
> >> scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t
> >> tclass=process
> >> [ 4110.476026] type=1400 audit(1252128145.472:250): avc: denied {
> >> siginh } for pid=5475 comm="bash" scontext=system_u:system_r:sysadm_t
> >> tcontext=name:sysadm_r:sysadm_t tclass=process
> >> [ 4110.476048] type=1400 audit(1252128145.472:250): avc: denied {
> >> noatsecure } for pid=5475 comm="bash"
> >> scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t
> >> tclass=process
> >> [ 4110.476096] type=1300 audit(1252128145.472:250): arch=c000003e
> >> syscall=59 success=yes exit=0 a0=616760 a1=7fffce1af800 a2=60a060 a3=0
> >> items=0 ppid=5468 pid=5475 auid=1000 uid=1000 gid=1000 euid=1000
> >> suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=tty1 ses=13
> >> comm="bash" exe="/bin/bash" subj=name:sysadm_r:sysadm_t key=(null)
> >>
> >>
> >> audit2allow shows this:
> >> allow sysadm_t self:process { siginh rlimitinh transition noatsecure };
> >>
> >> seems I had these three avc's fixed by removing securetty
> >> but for some reason these appeared again.
> >>
> >> any ideas would be helpful.
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with the words "unsubscribe selinux" without quotes as the message.
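The audit records quoted in this thread, run through a small parser as an added example (this is not code from the thread or from any of the participants): it reproduces the rule audit2allow printed, pulls out the context pam_selinux selected, and flags why the "transition" denial points at login already sitting in the wrong domain. The sample records are the ones quoted above, re-joined onto single lines where the mail client had wrapped them; the expectation that a getty-spawned /bin/login should run in local_login_t is an assumption taken from the reference policy, not something the thread states.

```python
"""Parse the AVC denials quoted in this thread, reproduce the audit2allow
rule, and explain the denied transition (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed sample: the audit records quoted above, re-joined onto one line
# each (the mail client wrapped them) and trimmed to the fields used here.
SAMPLE_AUDIT = """\
type=2300 audit(1252128145.472:246): user pid=5468 uid=0 auid=1000 ses=13 subj=system_u:system_r:sysadm_t msg='pam: default-context=name:sysadm_r:sysadm_t selected-context=name:sysadm_r:sysadm_t: exe="/bin/login" hostname=? addr=? terminal=tty1 res=success'
type=1400 audit(1252128145.472:250): avc: denied { transition } for pid=5475 comm="login" path="/bin/bash" dev=sda3 ino=204858 scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t tclass=process
type=1400 audit(1252128145.472:250): avc: denied { rlimitinh } for pid=5475 comm="bash" scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t tclass=process
type=1400 audit(1252128145.472:250): avc: denied { siginh } for pid=5475 comm="bash" scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t tclass=process
type=1400 audit(1252128145.472:250): avc: denied { noatsecure } for pid=5475 comm="bash" scontext=system_u:system_r:sysadm_t tcontext=name:sysadm_r:sysadm_t tclass=process
type=1300 audit(1252128145.472:250): arch=c000003e syscall=59 success=yes exit=0 ppid=5468 pid=5475 auid=1000 uid=1000 comm="bash" exe="/bin/bash" subj=name:sysadm_r:sysadm_t key=(null)
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PAM_CTX_RE = re.compile(r"default-context=(?P<default>\S+)\s+selected-context=(?P<selected>\S+)")


def split_context(ctx):
    """Split user:role:type[:level] into its parts (the MLS level is ignored)."""
    user, role, type_ = ctx.split(":")[:3]
    return {"user": user, "role": role, "type": type_}


def parse_avc(line):
    """Return the fields of a type=1400 AVC denial plus a 'perms' list,
    or None for any record that is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = m.group("perms").split()
    return fields


def group_denials(lines):
    """Collect denied permissions per (scontext, tcontext, tclass), which is
    the grouping audit2allow uses when it emits one rule per type pair."""
    groups = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            groups[(rec["scontext"], rec["tcontext"], rec["tclass"])].update(rec["perms"])
    return dict(groups)


def audit2allow_rules(groups):
    """Render the rules audit2allow would print: an identical source and
    target type becomes 'self'; permissions are sorted for stable output."""
    rules = []
    for (sctx, tctx, tclass), perms in sorted(groups.items()):
        stype, ttype = split_context(sctx)["type"], split_context(tctx)["type"]
        target = "self" if stype == ttype else ttype
        rules.append(f"allow {stype} {target}:{tclass} {{ {' '.join(sorted(perms))} }};")
    return rules


def pam_context_choice(lines):
    """Return (default-context, selected-context) from the type=2300 record
    pam_selinux writes, i.e. the context login asked the kernel to exec into."""
    for line in lines:
        m = PAM_CTX_RE.search(line)
        if m:
            # the quoted record ends the selected context with a stray ':' before exe=
            return m.group("default").rstrip(":"), m.group("selected").rstrip(":")
    return None


def diagnose(groups, expected_login_domain="local_login_t"):
    """Explain a denied process transition instead of just allowing it.
    expected_login_domain is an assumption: under the reference policy a
    getty-spawned /bin/login runs in local_login_t, not in the admin domain."""
    findings = []
    for (sctx, tctx, tclass), perms in groups.items():
        if tclass != "process" or "transition" not in perms:
            continue
        src, dst = split_context(sctx), split_context(tctx)
        if src["type"] != expected_login_domain:
            findings.append(
                f"login is running as {sctx}; expected type {expected_login_domain}, "
                "so the getty -> login domain transition never happened")
        if src["type"] == dst["type"]:
            findings.append(
                f"exec changes only user/role ({src['user']}:{src['role']} -> "
                f"{dst['user']}:{dst['role']}) while the type stays {src['type']}; "
                f"allowing {src['type']} self:process transition papers over the "
                "wrong starting domain instead of fixing it")
    return findings


if __name__ == "__main__":
    lines = SAMPLE_AUDIT.splitlines()
    groups = group_denials(lines)
    print("\n".join(audit2allow_rules(groups)))
    print("pam chose:", pam_context_choice(lines))
    for finding in diagnose(groups):
        print("note:", finding)
```

Running it prints the same allow rule audit2allow gave, which is the point: the rule is derivable mechanically, but the scontext on the login process is the real finding, since the denied transition changes only the user and role while the type stays sysadm_t.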
Thread overview: 6+ messages
2009-09-05 5:30 can't login in enforcing mode for some reason Justin Mattock
2009-09-05 5:57 ` Justin P. Mattock
2009-09-05 7:15 ` Dennis Wronka
2009-09-05 7:34 ` Justin P. Mattock
2009-09-05 7:51 ` Dennis Wronka [this message]
2009-09-05 7:52 ` Justin P. Mattock