how to run the pam_selinux_check to test SELINUX

how to run the pam_selinux_check to test SELINUX

[Ian jonhson]

Hi all,

I enabled the SELINUX on my FedoraCore4, and test pam_selinux_check.c
(distributed with Linux-PAM-0.99). However, it seems that it doesn't
work, and I have no idea how to do next.

The configuration steps about SELINUX:

1. After I installed my FC4, I set the SELINUX=enforcing in
/etc/sysconfig/selinux;

2. reboot my system. It seems that SELINUX have take in effect, the
FC4 checked and labeled the filesystem...

Then, I configured the PAM in /etc/pam.d/. My steps are as following:

1. create a new PAM configuration file in /etc/pam.d/, named
pam_selinux_check, and edited it as follows:

session  sufficient  pam_selinux.so

2. compile the pam_selinux_check.c

OK. Now I tested the pam_selinux_check and want to see some work
details about SELINUX.

#  ./pam_selinux_check
#                                    /*  <--  nothing happen */

Again, test it with a parameter

# ./pam_selinux_check  tom
#                                   /*  <--  nothing happed too */

did it righ?

I don't know what I have missed in my configuring the selinux and pam.
Maybe, one of the missing is that I just set enforcing in
/etc/sysconfig/selinux, not together with setting SELINUXTYPE=strict.
However, when I set SELINUXTYPE=strict, I got a error message at
booting and system dump. The error message said, I have set nothing
about strict policy.
But I don't know how to install strict policy.

I just test the functionalities about selinux MAC enforcement, so
where can I download a simple strict policy, and how to install in my
FC4+SELINUX?

As for PAM, it seems the configuration file is right, since I found
the pam_selinux.so only built the PAM session hooks.

I don't know what wrong with it, could anybody give me some advices?


Thanks in advance,

Ian

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: how to run the pam_selinux_check to test SELINUX

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ian jonhson wrote:
> Hi all,
> 
> I enabled the SELINUX on my FedoraCore4, and test pam_selinux_check.c
> (distributed with Linux-PAM-0.99). However, it seems that it doesn't
> work, and I have no idea how to do next.
> 
> The configuration steps about SELINUX:
> 
> 1. After I installed my FC4, I set the SELINUX=enforcing in
> /etc/sysconfig/selinux;
> 
> 2. reboot my system. It seems that SELINUX have take in effect, the
> FC4 checked and labeled the filesystem...
> 
> Then, I configured the PAM in /etc/pam.d/. My steps are as following:
> 
> 1. create a new PAM configuration file in /etc/pam.d/, named
> pam_selinux_check, and edited it as follows:
> 
> session  sufficient  pam_selinux.so
> 
> 2. compile the pam_selinux_check.c
> 
> OK. Now I tested the pam_selinux_check and want to see some work
> details about SELINUX.
> 
> #  ./pam_selinux_check
> #                                    /*  <--  nothing happen */
> 
> Again, test it with a parameter
> 
> # ./pam_selinux_check  tom
> #                                   /*  <--  nothing happed too */
> 
> did it righ?
> 
> I don't know what I have missed in my configuring the selinux and pam.
> Maybe, one of the missing is that I just set enforcing in
> /etc/sysconfig/selinux, not together with setting SELINUXTYPE=strict.
> However, when I set SELINUXTYPE=strict, I got a error message at
> booting and system dump. The error message said, I have set nothing
> about strict policy.
> But I don't know how to install strict policy.
> 
> I just test the functionalities about selinux MAC enforcement, so
> where can I download a simple strict policy, and how to install in my
> FC4+SELINUX?
> 
> As for PAM, it seems the configuration file is right, since I found
> the pam_selinux.so only built the PAM session hooks.
> 
> I don't know what wrong with it, could anybody give me some advices?
> 
> 
> Thanks in advance,
> 
> Ian

Ian, We no longer support Fedora Core 4 or 5 for that matter.  So I have
no idea what your problem is.  SELinux has come a long way since FC4 so
If you want to play with SELinux I would advise you to move to Fedora 7
or Fedora 8.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG1uDwrlYvE4MpobMRAlpvAKDrbw3t994MzTvPkCcWj+ysgMsPqQCfZwz4
5y2+GAlGmLoyjmxPcS+Omao=
=ATGS
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.