login process

login process

[Carlos Anísio Monteiro]

[-- Attachment #1: Type: text/plain, Size: 589 bytes --]

Hi.

1) Always that login at system, it request the role and the type. (it is 
not very clearly, excuse).

The message is the one that follows:

boot process ...

login:   root
password: *******
*Login: unable to obtain context for root
Would you like to enter a security context? [y] *

I answer y.

Enter role   *sysadm_r*
Enter type   *sysadm_t*

messages AVC: denied. *The login process is OK*.

I have always that  to provide this role and type?
I think that login process not is recognize the files of context 
(/etc/security/default_type or /etc/security/default_context).

Thanks.

[-- Attachment #2: Type: text/html, Size: 863 bytes --]

login process

[Carlos Anísio Monteiro]

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: login process --]
[-- Type: message/rfc822, Size: 4321 bytes --]

[-- Attachment #2.1.1: Type: text/plain, Size: 589 bytes --]

Hi.

1) Always that login at system, it request the role and the type. (it is 
not very clearly, excuse).

The message is the one that follows:

boot process ...

login:   root
password: *******
*Login: unable to obtain context for root
Would you like to enter a security context? [y] *

I answer y.

Enter role   *sysadm_r*
Enter type   *sysadm_t*

messages AVC: denied. *The login process is OK*.

I have always that  to provide this role and type?
I think that login process not is recognize the files of context 
(/etc/security/default_type or /etc/security/default_context).

Thanks.

[-- Attachment #2.1.2: Type: text/html, Size: 863 bytes --]

Re: login process

[Russell Coker]

The most likely cause of that problem is the login process running in the 
wrong domain.  The set of acceptable contexts for the user process is 
determined from the context of the login process (should be 
system_u:object_r:local_login_t) and the file /etc/security/default_contexts.

Assuming that your default_contexts file has the correct data (most likely as 
it a default install will put the right file there) then the problem is the 
context of the login process.

If you run "ps ax --context | grep login" then you'll see the context.

The wrong context can be caused by /bin/login having the wrong type 
(ls --context to inspect it) or by the parent process (getty) running in the 
wrong context.


PS  If you have problems sending to the list please paste the text into a new 
message rather than forwarding.  Forwarding tends to leave the message as an 
attachment and break quoting.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.