Stephen Smalley wrote:
On Wed, 2004-12-08 at 18:09, Nalin Dahyabhai wrote:
I think some piece of code (pam_selinux maybe?) is assuming that
prepending "/dev/" to the value of the PAM_TTY item results in a path
which can be relabeled. I think gdm sets it to ":0" on at least some
platforms, for example.

Is there a particular command or program being run when this happens, or
is it happening when you log in?

Hmm...I thought that the SELinux patch for gdm was upstreamed and that
it no longer needed to use pam_selinux (and I seem to recall pam_selinux
not working for gdm anyway since the pam_open_session call was made from
the wrong process to set up the exec context), but I still see a
pam_selinux entry in /etc/pam.d/gdmsetup. Ok, looking at the gdm SRPM,
there is definitely SELinux code in daemon/slave.c to get the user's
default context and set the exec context, so I don't see why you'd need
pam_selinux for it.

Ok removing from gdm.
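
The PAM_TTY assumption discussed in this thread, as an added example that is not part of the original messages and is not pam_selinux's own code: a defensive check that maps a PAM_TTY value to a path under /dev and refuses values such as ":0" before anything tries to relabel them. The function names `tty_path_from_pam_tty` and `is_relabelable_tty` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper (not from pam_selinux): turn a PAM_TTY value into a
 * device path under /dev. Returns 0 on success, -1 if the value does not
 * name a tty device (for example the X display ":0" that gdm may set). */
int tty_path_from_pam_tty(const char *pam_tty, char *out, size_t outlen)
{
    int n;

    if (pam_tty == NULL || *pam_tty == '\0')
        return -1;
    /* Some callers already pass a full path such as "/dev/tty1". */
    if (strncmp(pam_tty, "/dev/", 5) == 0)
        pam_tty += 5;
    /* X display names (":0", "host:0.0") are not device nodes. */
    if (*pam_tty == '\0' || strchr(pam_tty, ':') != NULL)
        return -1;
    /* Stay under /dev: no absolute remainder and no ".." sequence. */
    if (*pam_tty == '/' || strstr(pam_tty, "..") != NULL)
        return -1;
    n = snprintf(out, outlen, "/dev/%s", pam_tty);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* result would be truncated */
    return 0;
}

/* Only an existing character device is treated as a terminal to relabel. */
int is_relabelable_tty(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return 0;
    return S_ISCHR(st.st_mode) ? 1 : 0;
}
```

A caller would skip the relabel step, rather than fail the session, when either function rejects the value.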