[DSE-User] wrong context with graphical login
Pierre Chifflier
chifflier at inl.fr
Fri Jan 9 11:14:22 UTC 2009
Hi,
I would like to help getting SELinux support in Debian (I package
setroubleshoot, for ex.), but my sid installation got some weird
problem:
If I login using a tty or a console, no problem.
However, if I use a desktop manager (like gdm, but I have also tried kdm
and wdm), I got a wrong context:
[~] id -Z
unconfined_u:system_r:netutils_t:s0-s0:c0.c1023
netutils_t is obviously wrong ...
I tried to find the error, but could not go further than pointing a
problem in context transitions, as described in bug #501647 [1]
Setup looks correct:
# semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ unconfined_u s0-s0:c0.c1023
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
~# semanage user -l
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
root sysadm s0 s0-s0:c0.c1023 staff_r sysadm_r system_r
staff_u staff s0 s0-s0:c0.c1023 staff_r sysadm_r
sysadm_u sysadm s0 s0-s0:c0.c1023 sysadm_r
system_u user s0 s0-s0:c0.c1023 system_r
unconfined_u unconfined s0 s0-s0:c0.c1023 system_r unconfined_r
user_u user s0 s0 user_r
Note that seems to happen only in Sid, not Lenny. I tried relabelling,
everything looks fine.
Could you help me please ?
Pierre
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501647
More information about the Selinux-user
mailing list