> -----Original Message-----
> From: fedora-selinux-list-bounces@xxxxxxxxxx [mailto:fedora-selinux-list-bounces@xxxxxxxxxx] On Behalf Of Bob Gustafson
> Sent: Monday, May 24, 2004 2:33 PM
> To: t.pitt@xxxxxxxxxxxxxxxx; Fedora SELinux support list for users & developers.
> Subject: Re: New user
>
> Some added information
>
> [root@hoho2 user1]# ls -lZ /etc/security/selinux/src/policy/policy.conf
> -rw-r--r--+ root root system_u:object_r:policy_src_t /etc/security/selinux/src/policy/policy.conf
>
> [root@hoho2 user1]# cat /proc/version
> Linux version 2.6.6-1.377smp (bhcompile@xxxxxxxxxxxxxxxxxxxxxxx) (gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Sat May 22 15:16:37 EDT 2004
>
> [root@hoho2 user1]# which seuser
> /usr/bin/seuser
>
> [root@hoho2 user1]# ls -lZ /usr/bin/seuser
> -rwxr-xr-x+ root root system_u:object_r:bin_t /usr/bin/seuser
> [root@hoho2 user1]#
>

This is part of the problem - seuser runs in its own domain so the binary needs to be labeled seuser_exec_t. Unfortunately it looks like seuser is quite broken on FC2. You can fix it by:

1) mv /etc/security/selinux/src/policy/domains/program/unused/seuser.te to /etc/security/selinux/src/policy/domains/program/seuser.te.
2) edit /etc/security/selinux/src/policy/file_contexts/programs/seuser.fc changing "/usr/apol/seuser.conf" to "/usr/share/setools/seuser.conf".
3) remake and reload the policy.
4) run restorecon on /usr/bin/seuser and /usr/share/setools/seuser.conf

This should make seuser behave properly. I'm not certain what is going on with the outdated fc file - we currently generate that file in our distribution of setools, but had accidentally included an outdated version with the source. Probably someone just copied that old file (understandably). Hopefully we can get some of these fixes pushed out as an update - is the appropriate process to enter a bugzilla case with a patch?
Karl

Karl MacMillan
Tresys Technology
http://www.tresys.com
(410)290-1411 ext 134

> ------- previously sent a minute or so ago --
>
> You are further along ..
>
> I get
>
> [root@hoho2 user1]# date
> Mon May 24 13:16:52 CDT 2004
> [root@hoho2 user1]# seuser show users
> Could not open policy.conf file
> [root@hoho2 user1]#
>
> I have FC2 installed clean with all updates (incl development) to this
> moment (except for ppp - which is having a problem independent of
> selinux).
>
> Booting with kernel boot parameter 'selinux=1 enforcing=0' (not enforce=0..)
> The boot was done just after a run of '/sbin/fixfiles relabel' at init
> level 1.
>
> BobG
>
>
> On Mon, 24 May 2004 16:13:48 +0100, Anthony Pitt wrote:
> >Hi there,
> > I hope you can help. I've just installed 'Fedora Core2', with Selinux
> >enabled.
> >Using 'seuser' I created a new 'defined' selinux user, with user_r role
> >only. I also created the user's /home/* directory under the same process.
> >I'm using the 'gnome' window manager interface.
> >Now when I try to log on with this new user, I get all sorts of errors to
> >do with the user's environment, eventually allowing me a blank interface,
> >with 'right-click' functionality only.
> >Any ideas?
> >Tony.
> >
> >----------------------------------------------------------------------
> >A D Pitt                           Ph:+44(0)1684 895757
> >Rm B006 Woodward Building          Fax:+44(0)1684 896660
> >QinetiQ                            email:t.pitt@xxxxxxxxxxxxxxxx
> >Malvern Technology Centre,
> >St Andrews Road
> >Malvern
> >Worcs.
> >WR14 3PS
> >
> >URL:http://www.qinetiq.com/home_enterprise_security.html
> >--
> >fedora-selinux-list mailing list
> >fedora-selinux-list@xxxxxxxxxx
> >http://www.redhat.com/mailman/listinfo/fedora-selinux-list
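
A check for the two problems identified in the reply above (the seuser binary labeled bin_t instead of seuser_exec_t, and the outdated path in seuser.fc), usable before and after the fix. This is an added example, not part of the original thread; the function names and the sample .fc line are constructed here.

```shell
#!/bin/sh
# Added example: checks for the seuser labeling problem discussed above.
# The paths and the expected type seuser_exec_t come from the thread;
# the function names are hypothetical.

# Print the SELinux type from one line of `ls -lZ` output, i.e. the
# third part of the user:role:type field (a trailing MLS level is ignored).
lsz_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (split($i, c, ":") >= 3 && c[2] ~ /_r$/) { print c[3]; exit }
    }'
}

# Return 0 if the `ls -lZ` line ($1) carries the expected type ($2).
label_ok() {
    [ "$(lsz_type "$1")" = "$2" ]
}

# Return 0 if the file_contexts file ($1) still lists the outdated
# /usr/apol/seuser.conf path (with or without an escaped dot).
fc_is_stale() {
    grep -Eq '^/usr/apol/seuser\\?\.conf' "$1"
}

# Run both checks, print findings, return the number of problems found.
# $1 = `ls -lZ` line for /usr/bin/seuser, $2 = path to seuser.fc
seuser_check() {
    problems=0
    if ! label_ok "$1" seuser_exec_t; then
        echo "seuser binary is '$(lsz_type "$1")', expected seuser_exec_t"
        problems=$((problems + 1))
    fi
    if fc_is_stale "$2"; then
        echo "$2 lists /usr/apol/seuser.conf, expected /usr/share/setools/seuser.conf"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo: the ls -lZ line quoted in the thread plus a constructed stale
# .fc entry (the context field is a placeholder, not the real type).
demo_fc=$(mktemp)
printf '%s\n' '/usr/apol/seuser.conf  system_u:object_r:PLACEHOLDER_t' > "$demo_fc"
seuser_check '-rwxr-xr-x+ root root system_u:object_r:bin_t /usr/bin/seuser' "$demo_fc" || true
rm -f "$demo_fc"
```

On a live system, pass `"$(ls -lZ /usr/bin/seuser)"` and the real seuser.fc path to `seuser_check`; a return value of 0 after step 4 means both problems are gone.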