[DSE-User] wrong context with graphical login
Martin Orr
martin at martinorr.name
Mon Jan 12 17:52:12 UTC 2009
Have you fixed the problem in #501647 (i.e. is gdm labelled correctly)?
If not, then do you have the xserver module loaded? (Check semodule -l)
Best wishes,
Martin Orr
On 09/01/09 11:14, Pierre Chifflier wrote:
> Hi,
>
> I would like to help getting SELinux support in Debian (I package
> setroubleshoot, for ex.), but my sid installation got some weird
> problem:
> If I login using a tty or a console, no problem.
> However, if I use a desktop manager (like gdm, but I have also tried kdm
> and wdm), I got a wrong context:
> [~] id -Z
> unconfined_u:system_r:netutils_t:s0-s0:c0.c1023
>
> netutils_t is obviously wrong ...
>
> I tried to find the error, but could not go further than pointing a
> problem in context transitions, as described in bug #501647 [1]
>
> Setup looks correct:
>
> # semanage login -l
>
> Login Name SELinux User MLS/MCS Range
>
> __default__ unconfined_u s0-s0:c0.c1023
> root unconfined_u s0-s0:c0.c1023
> system_u system_u s0-s0:c0.c1023
>
> ~# semanage user -l
>
> Labeling MLS/ MLS/
> SELinux User Prefix MCS Level MCS Range SELinux Roles
>
> root sysadm s0 s0-s0:c0.c1023 staff_r sysadm_r system_r
> staff_u staff s0 s0-s0:c0.c1023 staff_r sysadm_r
> sysadm_u sysadm s0 s0-s0:c0.c1023 sysadm_r
> system_u user s0 s0-s0:c0.c1023 system_r
> unconfined_u unconfined s0 s0-s0:c0.c1023 system_r unconfined_r
> user_u user s0 s0 user_r
>
>
> Note that seems to happen only in Sid, not Lenny. I tried relabelling,
> everything looks fine.
>
> Could you help me please ?
>
> Pierre
>
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501647
>
> _______________________________________________
> Selinux-user mailing list
> Selinux-user at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/selinux-user
--
Martin Orr
More information about the Selinux-user
mailing list