I am lost.
I compared semanage user/login on affected and freshly installed systems - identical. I did relabel several times. both have the same selinux-policy-targeted-3.5.13-59.fc10.noarch installed. on both sshd runs in the same context.
Normal system:
sshd(`system_u:system_r:sshd_t:s0-s0:c0.c1023')
`-sshd(`system_u:system_r:sshd_t:s0-s0:c0.c1023')
`-sshd(`system_u:system_r:sshd_t:s0-s0:c0.c1023')
`-bash(`unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023')
`-pstree(`unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023')
Affected system:
sshd(`system_u:system_r:sshd_t:s0-s0:c0.c1023')
`-sshd(`system_u:system_r:sshd_t:s0-s0:c0.c1023')
`-sshd(`system_u:system_r:sshd_t:s0-s0:c0.c1023')
`-bash(`system_u:system_r:unconfined_t:s0-s0:c0.c1023')
`-pstree(`system_u:system_r:unconfined_t:s0-s0:c0.c1023')
As you can see, my login shell doesn't become 'unconfined_u'.
So, I decided to experiment and added a new SEuser
#semanage user -a -P user -r s0-s0:c0.c1023 -R "system_r unconfined_r" vvc_u
and assigned this SEuser to my login, to see if it makes a difference
#semanage login --add -s vvc_u -r s0-s0:c0.c1023 vvc
$id -Z
system_u:system_r:unconfined_t:s0-s0:c0.c1023
Totally ignored
Is some PAM entry or whatever is missing?
Sincerely yours,
Vadym Chepkov
--- On Tue, 5/26/09, Vadym Chepkov <chepkov@xxxxxxxxx> wrote:
> From: Vadym Chepkov <chepkov@xxxxxxxxx>
> Subject: Re: semodule
> To: "Daniel J Walsh" <dwalsh@xxxxxxxxxx>
> Cc: "Fedora SELinux" <fedora-selinux-list@xxxxxxxxxx>
> Date: Tuesday, May 26, 2009, 3:53 PM
> --- On Tue, 5/26/09, Daniel J Walsh
> <dwalsh@xxxxxxxxxx>
> wrote:
> > Do you have a file in
> > /etc/selinux/targeted/contexts/users/unconfined_u
> >
> -rw-r--r-- 1 root root 578 2009-05-07 07:30
> /etc/selinux/targeted/contexts/users/unconfined_u
>
>
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
