FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 05-07-2008, 09:29 PM
"Scally, Katrina-P54861"
 
Default Pam upgrade problem

Title: Pam upgrade problem







My original problem was With the default pam options, pam_selinux is unable to get the user context, during login it would default to system_u:system_r:local_login_t context. I got around this problem for some time by changing /etc/pam.d/login line to



Session required pam_selinux.so open verbose select_context.


I found on http://www.nsa.gov/selinux/list-archive/0706/21321.cfm that this was a bug in pam and by upgrading from pam-0.1.77-66.23.i386.rpm (or earlier versions) to pam-0.1.99.6.2-3.26.el5.i386.rpm would get rid of the problem. This upgrade has actually caused more problems. I can no longer even log into my virtual machine with my install in enforcing, in permissive mode it is fine. Unfortunately there are no AVC denials when.



My Virtual Machine is running RHEL5, libselinux-1.1.33.4-4.el5.i386.rpm, and reference policy that came with the Bedrock tool from Tresys refpolicy-20070417.tar.bz2



Possibly I missed something while upgrading pam? I have looked through all of the files the pam-0.1.99.6.2-3.26.el5.i386.rpm has installed and they all seem correct.



Thanks in advance,


-K




This email message is for the sole use of the intended recipient(s) and may contain GDC4S confidential or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not an intended recipient, please contact the sender by reply email and destroy all copies of the original message.



--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 05-08-2008, 02:13 PM
"Christopher J. PeBenito"
 
Default Pam upgrade problem

On Wed, 2008-05-07 at 14:29 -0700, Scally, Katrina-P54861 wrote:
> My original problem was With the default pam options, pam_selinux is
> unable to get the user context, during login it would default to
> system_u:system_r:local_login_t context. I got around this problem for
> some time by changing /etc/pam.d/login line to
>
> Session required pam_selinux.so open verbose select_context.
> I found on http://www.nsa.gov/selinux/list-archive/0706/21321.cfm that
> this was a bug in pam and by upgrading from pam-0.1.77-66.23.i386.rpm
> (or earlier versions) to pam-0.1.99.6.2-3.26.el5.i386.rpm would get
> rid of the problem. This upgrade has actually caused more problems. I
> can no longer even log into my virtual machine with my install in
> enforcing, in permissive mode it is fine. Unfortunately there are no
> AVC denials when.
>
> My Virtual Machine is running RHEL5,
> libselinux-1.1.33.4-4.el5.i386.rpm, and reference policy that came
> with the Bedrock tool from Tresys refpolicy-20070417.tar.bz2
>
> Possibly I missed something while upgrading pam? I have looked through
> all of the files the pam-0.1.99.6.2-3.26.el5.i386.rpm has installed
> and they all seem correct.

Can you provide more information? Are you logging in at the console,
ssh, or gdm? I can't find much difference between the RHEL5 policy and
refpolicy for local logins. Have you tried the stock RHEL5 policy to
see if it stil fails?

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 09:04 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org