On 05/15/2009 05:47 PM, Brian Ginn wrote:
I have a server app that runs from xinetd. This server's job is to exec a program. This app is not yet confined by SELinux policy. When I use PAM session service, audit.log shows:
type=USER_ROLE_CHANGE msg=audit(1242413723.389:14866): user pid=24149 uid=0 auid=0 subj=system_u:system_r:inetd_t:s0-s0:c0.c1023 msg='pam: default-context=root:system_r:amanda_t:s0-s0:c0.c1023 selected-context=root:system_r:amanda_t:s0-s0:c0.c1023: exe="/usr/sbin/myserverd" (hostname=?, addr=?, terminal=ptmx res=success)' Somehow, SELinux is deciding that the default context should be ...amanda_t... How is that decision made? Can I create a more correct context (that will be recognized as the default context) without confining the server? Thanks, Brian ------------------------------------------------------------------------ -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
I have no idea what this is, but is there a pam_selinux somewhere being called in your pam stack?
pam_selinux is used for assinging user domains and it is obviously confused. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
