Re: Fwd: SELinux user login problem

Hi All,
 
Thanks for replying to me. These are the audit messages I am getting from /var/log/audit/audit.log.

type=AVC msg=audit(1235820249.704:255): avc:  denied  { rlimitinh } for  pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820249.704:255): avc:  denied  { noatsecure } for  pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1235820249.704:255): arch=c000003e syscall=59 success=yes exit=0 a0=402269 a1=7fff186d7030 a2=7fff186d9550 a3=22 items=0 ppid=1 pid=4296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty4 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)
type=USER_AUTH msg=audit(1235820253.552:256): user pid=4296 uid=0 auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: authentication acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'
type=USER_ACCT msg=audit(1235820253.555:257): user pid=4296 uid=0 auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: accounting acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'
type=LOGIN msg=audit(1235820253.560:258): login pid=4296 uid=0 old auid=4294967295 new auid=527
type=USER_ROLE_CHANGE msg=audit(1235820253.567:259): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=prakash:prakash_r:prakash_t:s0 selected-context=prakash:prakash_r:prakash_t:s0: exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'
type=USER_START msg=audit(1235820253.568:260): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: session open acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'
type=CRED_ACQ msg=audit(1235820253.568:261): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: setcred acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'
type=USER_LOGIN msg=audit(1235820253.570:262): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='uid=527: exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'
type=AVC msg=audit(1235820275.060:263): avc:  denied  { siginh } for  pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820275.060:263): avc:  denied  { rlimitinh } for  pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820275.060:263): avc:  denied  { noatsecure } for  pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1235820275.060:263): arch=c000003e syscall=59 success=yes exit=0 a0=402269 a1=7fff1bcb84a0 a2=7fff1bcba9c0 a3=22 items=0 ppid=1 pid=4132 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty2 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)

Thanks,

Prakash

On Sat, Feb 28, 2009 at 12:36 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

prakash hallalli wrote:
> Hi All,
>
>         I am using CentOS-5 x86_64. I have followed the steps you sent,
>         but I am still getting the same user login problem. I am not able
>         to log the user in to the system properly.
>
>       These are the steps I followed.
>
>      1. Create a source policy module:-
>
>       #cd /home/prakash
>       #vi prakash.te
>         policy_module(prakash, 0.0.1)
>         role prakash_r;
>         userdom_unpriv_user_template(prakash);
>
>        2. Build the source policy module:
>
>         #make -f /usr/share/selinux/devel/Makefile
>
>        3. Install the binary policy module:
>
>        #semodule -i prakash.pp
>
>      4. Create default contexts for prakash:
>
>        #cd /etc/selinux/targeted/contexts/users
>        #vi prakash
>         system_r:system_local_login_t:s0   prakash_r:prakash_t:s0
>         system_r:remote_login_t:s0             prakash_r:prakash_t:s0
>         system_r:sshd_t:s0                          prakash_r:prakash_t:s0
>         system_r:crond_t:s0                         prakash_r:prakash_t:s0
>         system_r:xdm_t:s0                           prakash_r:prakash_t:s0
>         prakash_r:prakash_su_t:s0              prakash_r:prakash_t:s0
>         prakash_r:prakash_sudo_t:s0          prakash_r:prakash_t:s0
>         system_r:initrc_su_t:s0                     prakash_r:prakash_t:s0
>         prakash_r:prakash_t:s0                     prakash_r:prakash_t:s0
>
> 5. Create a SELinux user mapping for prakash:
>
>      #semanage user -a -L s0 -r s0-s0 -R "prakash_r" -P user prakash
>
> 6. Add new prakash user for user1:
>
>      #useradd -Z prakash user1
>
> 7. When I try to log in to the system, I get a permission denied
> message.
>
> gtt login: user1
> password: XXXXXX
>
>  -bash:  /home/user1/.bash_profile: Permission denied
> -bash-3.1$id
> uid=524(user1) gid=525(user1) groups=525(user1)
> context=prakash:prakash_r:prakash_t
>
>   I tried with one more user and also got the same problem. I am not sure
> what mistakes I made. Please help me with what I have to do.
>
> Thanks,
> Prakash, k, h.
>
> On Wed, Feb 25, 2009 at 9:17 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>
> prakash hallalli wrote:
>>>> Hi All,
>>>>
>>>>        I have created the 'myuser' user and created a custom module policy
>>>>        for the user. I have installed the module successfully, but when I
>>>>        log myuser in I get a bash prompt.
>>>>
>>>>        I followed the steps below to create the module.
>>>>
>>>>    #vi myuser.te
>>>>                          policy_module(myuser, 0.0.1)
>>>>                          role myuser_r;
>>>>                          userdom_unpriv_user_templete(myuser)
>>>>
>>>> #make -f /usr/share/selinux/devel/Makefile
>>>> #sudo semodule -i myuser.pp
>>>> #semanage user -a -L s0 -r s0-s0 -L "myuser1_r" -P user myuser1
>>>> #useradd -Z myuser1 myuser1
>>>>
>>>> I did all the steps. When I try to log in to the system, the following
>>>> error is displayed.
>>>> gtt login: myuser
>>>> password: XXXXXX
>>>>
>>>> -bash:  /home/myuser/.bash_profile: Permission denied
>>>> -bash-3.1$
>>>>
>>>> Please tell me what I should do.
>>>>
>>>> Thanks,
>>>> Prakash.
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list@xxxxxxxxxx
>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> Which OS and version?
>
> Depending on the policy you might need to relabel the homedir to get the
> labels correct.
>
> restorecon -R -v /home
>

Please attach the AVC messages from /var/log/audit/audit.log.

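The AVC records in the audit.log excerpt at the top of this message can be grouped by source type, target type and class to see at a glance what was denied. The sketch below is an added example, not part of the thread; `parse_avc`, `summarize` and `as_rules` are hypothetical helper names, and the sample lines are copied from that excerpt.

```python
import re
from collections import defaultdict

# AVC and LOGIN lines copied from the audit.log excerpt in the message above.
SAMPLE_LOG = """\
type=AVC msg=audit(1235820275.060:263): avc:  denied  { siginh } for  pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820275.060:263): avc:  denied  { rlimitinh } for  pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820275.060:263): avc:  denied  { noatsecure } for  pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=LOGIN msg=audit(1235820253.560:258): login pid=4296 uid=0 old auid=4294967295 new auid=527
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$"
)

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    # key=value fields; values may be quoted (comm="login")
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")))
    rec = {k: v.strip('"') for k, v in fields.items()}
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    # The type is the third colon-separated part of user:role:type:level
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text):
    """Group denied permissions by (source type, target type, class)."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            groups[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}

def as_rules(summary):
    """Render each group in allow-rule syntax for review (not for blind loading)."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};" for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    for rule in as_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

Every AVC record in the excerpt falls into this one group: process-class permissions between getty_t and local_login_t, with no file-class denial among them.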