Re: Pam upgrade problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2008-05-07 at 14:29 -0700, Scally, Katrina-P54861 wrote:
> My original problem was With the default pam options, pam_selinux is
> unable to get the user context, during login it would default to
> system_u:system_r:local_login_t context. I got around this problem for
> some time by changing /etc/pam.d/login line to
> 
> Session required pam_selinux.so open verbose select_context. 
> I found on http://www.nsa.gov/selinux/list-archive/0706/21321.cfm that
> this was a bug in pam and by upgrading from pam-0.1.77-66.23.i386.rpm
> (or earlier versions) to pam-0.1.99.6.2-3.26.el5.i386.rpm would get
> rid of the problem. This upgrade has actually caused more problems. I
> can no longer even log into my virtual machine with my install in
> enforcing, in permissive mode it is fine. Unfortunately there are no
> AVC denials when.
> 
> My Virtual Machine is running RHEL5,
> libselinux-1.1.33.4-4.el5.i386.rpm, and reference policy that came
> with the Bedrock tool from Tresys refpolicy-20070417.tar.bz2
> 
> Possibly I missed something while upgrading pam? I have looked through
> all of the files the pam-0.1.99.6.2-3.26.el5.i386.rpm has installed
> and they all seem correct.

Can you provide more information?  Are you logging in at the console,
ssh, or gdm?  I can't find much difference between the RHEL5 policy and
refpolicy for local logins.  Have you tried the stock RHEL5 policy to
see if it stil fails?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux