From: justinmattock@yahoo.com (Justin P. Mattock)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned
Date: Fri, 16 Sep 2011 09:11:40 -0700 [thread overview]
Message-ID: <4E73753C.3000809@yahoo.com> (raw)
In-Reply-To: <4E737223.1060601@redhat.com>
On 09/16/2011 08:58 AM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/16/2011 11:22 AM, Justin P. Mattock wrote:
>> On 09/16/2011 07:59 AM, Daniel J Walsh wrote:
>>> ps -eZ |grep sshd
>> I dont have sshd running, but here is ps auxZ to give you an idea
>> of what I am seeing: http://fpaste.org/u6IB/
>>
>> if I adjust /etc/pam.d/login and add select_context to
>> pam_selinux.so then do init 3 in lilo I am able to have the
>> context justin:staff_r:staff_t:s0 the way it should. but as soon
>> as I init 5 gdm starts up, and everything goes back to
>> name:staff_r:insmod_t:s0
>>
>> I think I am either missing a boolean to have the transisiton
>> runing properly, and/or pam.d or some config file somewhere needs
>> to be adjusted. keep in mind refpolicy has no patches added to
>> it(not sure if I need any for systemd), just plain git pull
>> etc...
>>
>> Justin P. Mattock
> Well since you don't have a init_t running, I think your problem
> starts there. Looks like your system is badly mislabeled or something
> in init is broken. I take it this is not a Red Hat Based OS?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk5zciMACgkQrlYvE4MpobOs4wCcD/KSvuhb5GxhPCZcMEDGI1dD
> X70AnR2OLyUzsaLlDRmP0jm7ABwzFHBj
> =aH02
> -----END PGP SIGNATURE-----
the system is fedora 15 nothing tweaked on it. just refpolicy from git
targeted form fedora works fine,
just thought I would give refpolicy-git a try.
think I need to read up on systemd
ls -Z /lib/systemd looks like this:
http://fpaste.org/WOFw/
wondering if maybe /etc/security/pam_env.conf is capable of putting me
into the right context, but then again if
this is just a label issue, then pam_env.conf is not touched.
Justin P. Mattock
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20110916/38c817a7/attachment-0001.html
next prev parent reply other threads:[~2011-09-16 16:11 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-09-16 3:40 [refpolicy] pam_selinux(gdm-password:session): Security Context justin:staff_r:insmod_t:s0 Assigned Justin Mattock
2011-09-16 14:59 ` Daniel J Walsh
2011-09-16 14:59 ` Daniel J Walsh
2011-09-16 15:22 ` Justin P. Mattock
2011-09-16 15:58 ` Daniel J Walsh
2011-09-16 15:58 ` Daniel J Walsh
2011-09-16 16:11 ` Guido Trentalancia
2011-09-16 16:11 ` Guido Trentalancia
2011-09-16 16:11 ` Justin P. Mattock [this message]
2011-09-23 16:30 ` Guido Trentalancia
2011-09-23 17:38 ` Daniel J Walsh
2011-09-23 19:09 ` Guido Trentalancia
2011-09-23 20:45 ` Eric Paris
2011-09-23 21:12 ` Guido Trentalancia
2011-09-23 21:17 ` Eric Paris
2011-09-23 22:38 ` Guido Trentalancia
2011-09-23 23:12 ` Eric Paris
2011-09-26 13:38 ` Daniel J Walsh
2011-09-27 12:46 ` Stephen Smalley
2011-09-27 16:40 ` Guido Trentalancia
2011-09-27 18:00 ` Daniel J Walsh
2011-09-16 16:02 ` Guido Trentalancia
2011-09-16 16:02 ` Guido Trentalancia
2011-09-16 16:18 ` Justin P. Mattock
2011-09-16 16:27 ` Guido Trentalancia
2011-09-16 16:27 ` Guido Trentalancia
2011-09-16 16:33 ` Justin P. Mattock
2011-09-16 16:24 ` Justin P. Mattock
2011-09-16 16:30 ` Guido Trentalancia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E73753C.3000809@yahoo.com \
--to=justinmattock@yahoo.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.