From: Dominick Grift <dac.override@gmail.com>
To: selinux@tycho.nsa.gov
Subject: Re: strange pam_selinux behavior
Date: Wed, 23 Mar 2016 19:32:22 +0100 [thread overview]
Message-ID: <56F2E136.6090304@gmail.com> (raw)
In-Reply-To: <56F2D938.8030909@gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 03/23/2016 06:58 PM, Dominick Grift wrote:
<snip>
> This seems to be the code:
>
>> /* we have to check that this user is allowed to go into the
>> range they have specified ... role is tied to an seuser, so
>> that'll be checked at setexeccon time */ if (mls_enabled &&
>> !mls_range_allowed(pamh, defaultcon, newcon, debug)) {
>> pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed
>> for %s", defaultcon, newcon);
>
>> goto fail_set;
>
This seems related:
> class = string_to_security_class("context"); if (!class) {
> pam_syslog(pamh, LOG_ERR, "Failed to translate security class
> context. %m"); return 0; }
since:
pam_selinux(sshd:session): Failed to translate security class
context. Invalid argument
What is a "security class context"?
Is it choking on the periods in my identifiers?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQGcBAEBCAAGBQJW8uExAAoJECV0jlU3+UdpAeML/2jEcDzPDAs6zQlDg3EIk4bg
Dtrs3YD5xVyFH6EyheiG5ZZQBDqge0b5jY3YX0l5eabGyjSI4yTvQOSwUTDtHwqR
NQcZQCKWYE/gA72uRjqok7pxHBj5B84TM8SwVc12xAgs3znyy4yHZjlGFmq0VGXO
K9dn6hDvHK6Hk3p8FhnLvumB+Xd6VZ6Ju76JaKSdA19OQ8tYhN7wMvvYEpAAMNJy
Qh+EMPYkMZfcqemru8A7jZ40wh+pb9XuqZCiE2JtW0F1PpC2Aa6RKlwt79de52fB
AAFn6vD/EPlnDksgFhOn+9bUKtT+/zGA4gaflDLtmv3Z2K6U3txHxMIZOhD3XDc6
/pjcIo2gu0cA7gP1r6jkC2dX3uZzx2BHu00e8ilXuI90nXI51nUoi6HzBDVg6Tdd
fnHrAvkl4qJJCRvNXCRDIUxbOecIuwWbVoHRZJWR/0q2TOIIujPzhYsE0dmzPAif
rmygoDv2H6sNKxqaENT1xZlstkSItRuIeeE31q3Rzw==
=gYpm
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2016-03-23 18:32 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-23 17:58 strange pam_selinux behavior Dominick Grift
2016-03-23 18:32 ` Dominick Grift [this message]
2016-03-23 18:37 ` Dominick Grift
2016-03-23 19:08 ` Stephen Smalley
2016-03-23 19:09 ` Dominick Grift
2016-03-23 19:41 ` Dominick Grift
2016-03-24 13:14 ` Miroslav Grepl
2016-03-24 13:24 ` Dominick Grift
2016-03-24 13:30 ` Miroslav Grepl
2016-03-24 14:01 ` Dominick Grift
2016-03-24 14:31 ` Dominick Grift
2016-03-24 20:42 ` Daniel J Walsh
2016-03-24 20:52 ` Dominick Grift
2016-03-25 16:02 ` Dominick Grift
2016-03-25 16:31 ` Stephen Smalley
2016-03-25 16:45 ` Dominick Grift
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56F2E136.6090304@gmail.com \
--to=dac.override@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.