On Wed, 2008-05-07 at 14:29 -0700, Scally, Katrina-P54861 wrote: > My original problem was With the default pam options, pam_selinux is > unable to get the user context, during login it would default to > system_u:system_r:local_login_t context. I got around this problem for > some time by changing /etc/pam.d/login line to > > Session required pam_selinux.so open verbose select_context. > I found on http://www.nsa.gov/selinux/list-archive/0706/21321.cfm that > this was a bug in pam and by upgrading from pam-0.1.77-66.23.i386.rpm > (or earlier versions) to pam-0.1.99.6.2-3.26.el5.i386.rpm would get > rid of the problem. This upgrade has actually caused more problems. I > can no longer even log into my virtual machine with my install in > enforcing, in permissive mode it is fine. Unfortunately there are no > AVC denials when. > > My Virtual Machine is running RHEL5, > libselinux-1.1.33.4-4.el5.i386.rpm, and reference policy that came > with the Bedrock tool from Tresys refpolicy-20070417.tar.bz2 > > Possibly I missed something while upgrading pam? I have looked through > all of the files the pam-0.1.99.6.2-3.26.el5.i386.rpm has installed > and they all seem correct. Can you provide more information? Are you logging in at the console, ssh, or gdm? I can't find much difference between the RHEL5 policy and refpolicy for local logins. Have you tried the stock RHEL5 policy to see if it stil fails? -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
