* selinux_required option given and selinux is disabled
@ 2010-06-22 15:53 Justin Mattock
2010-06-22 19:06 ` Stephen Smalley
0 siblings, 1 reply; 3+ messages in thread
From: Justin Mattock @ 2010-06-22 15:53 UTC (permalink / raw)
To: SE-Linux
playing around with pam_namespace I seem to at a crux with trying to
figure out how to use require_selinux in pam.d/login with pam_namespace
heres what I see:
pam_selinux(login:session): Open Session
pam_unix(login:session): session opened for user name by LOGIN(uid=0)
pam_selinux(login:session): Open Session
pam_selinux(login:session): Username= name SELinux User = name Level= s0
pam_selinux(login:session): Security Context name:staff_r:staff_t:s0 Assigned
pam_selinux(login:session): set name security context to name:staff_r:staff_t:s0
pam_selinux(login:session): Key Creation Context
name:staff_r:staff_t:s0 Assigned
pam_selinux(login:session): set name key creation context to
name:staff_r:staff_t:s0
pam_namespace(login:session): selinux_required option given and
selinux is disabled
Cannot make/remove an entry for the specified session
did I miss something with this?
--
Justin P. Mattock
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: selinux_required option given and selinux is disabled
2010-06-22 15:53 selinux_required option given and selinux is disabled Justin Mattock
@ 2010-06-22 19:06 ` Stephen Smalley
2010-06-22 19:29 ` Justin P. Mattock
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2010-06-22 19:06 UTC (permalink / raw)
To: Justin Mattock; +Cc: SE-Linux
On Tue, 2010-06-22 at 08:53 -0700, Justin Mattock wrote:
> playing around with pam_namespace I seem to at a crux with trying to
> figure out how to use require_selinux in pam.d/login with pam_namespace
>
> heres what I see:
>
> pam_selinux(login:session): Open Session
> pam_unix(login:session): session opened for user name by LOGIN(uid=0)
> pam_selinux(login:session): Open Session
> pam_selinux(login:session): Username= name SELinux User = name Level= s0
> pam_selinux(login:session): Security Context name:staff_r:staff_t:s0 Assigned
> pam_selinux(login:session): set name security context to name:staff_r:staff_t:s0
> pam_selinux(login:session): Key Creation Context
> name:staff_r:staff_t:s0 Assigned
> pam_selinux(login:session): set name key creation context to
> name:staff_r:staff_t:s0
> pam_namespace(login:session): selinux_required option given and
> selinux is disabled
> Cannot make/remove an entry for the specified session
>
> did I miss something with this?
Was pam_namespace built with --enable-selinux?
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: selinux_required option given and selinux is disabled
2010-06-22 19:06 ` Stephen Smalley
@ 2010-06-22 19:29 ` Justin P. Mattock
0 siblings, 0 replies; 3+ messages in thread
From: Justin P. Mattock @ 2010-06-22 19:29 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SE-Linux
On 06/22/2010 12:06 PM, Stephen Smalley wrote:
> On Tue, 2010-06-22 at 08:53 -0700, Justin Mattock wrote:
>> playing around with pam_namespace I seem to at a crux with trying to
>> figure out how to use require_selinux in pam.d/login with pam_namespace
>>
>> heres what I see:
>>
>> pam_selinux(login:session): Open Session
>> pam_unix(login:session): session opened for user name by LOGIN(uid=0)
>> pam_selinux(login:session): Open Session
>> pam_selinux(login:session): Username= name SELinux User = name Level= s0
>> pam_selinux(login:session): Security Context name:staff_r:staff_t:s0 Assigned
>> pam_selinux(login:session): set name security context to name:staff_r:staff_t:s0
>> pam_selinux(login:session): Key Creation Context
>> name:staff_r:staff_t:s0 Assigned
>> pam_selinux(login:session): set name key creation context to
>> name:staff_r:staff_t:s0
>> pam_namespace(login:session): selinux_required option given and
>> selinux is disabled
>> Cannot make/remove an entry for the specified session
>>
>> did I miss something with this?
>
> Was pam_namespace built with --enable-selinux?
>
yeah it's always been enabled, as well as audit.. one thing that I
remember is I did receive an error when building(as well as today) to
avoid this error I used the --enable-db=no so maybe this has something
todo with this.
Justin P. Mattock
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-06-22 19:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-06-22 15:53 selinux_required option given and selinux is disabled Justin Mattock
2010-06-22 19:06 ` Stephen Smalley
2010-06-22 19:29 ` Justin P. Mattock
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.