I changed in pam.d/kde all include system-auth to include system-local-login.
Now I'm user_u:user_r:user_t.
Udo Siewert <firstname.lastname@example.org> Saturday 13 of August 2011 04:18:23
> On Sat, 13 Aug 2011 00:25:26 +0200
> Sven Vermeulen <email@example.com> wrote:
> > On Thu, Aug 11, 2011 at 7:25 PM, Udo Siewert <firstname.lastname@example.org>
> > wrote:
> > > /usr/bin/kdm system_u
> > > /usr/bin/xdm system_u
> > >
> > > When starting KDE by /etc/init.d/xdm 'id -Z' ->
> > > system_u:system_r:xdm_t
> > >
> > > and all KDE processes -> system_u:system_r:xdm_t
> > Hmm... assuming xdm works through some PAM configuration, can you
> > tell me how /etc/conf.d/xdm (or kdm, gdm, whatever) looks like?
> > If it doesn't source system-auth (which is where we put the
> > pam_selinux.so call in) that might be the reason...
> you put me in the right direction: in /etc/pam.d/kde
> session required pam_selinux.so open
> session required pam_selinux.so close
> was missing (don't know if I messed it up during dispatch-conf or if it
> is missing by default).
> Thanks for that!