On Fri, 2009-06-05 at 10:10 -0700, Vadym Chepkov wrote: > > --- On Fri, 6/5/09, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > > > > You should have gotten some pam_selinux log messages in > > /var/log/secure > > if you added the debug option and logged into the system > > again. > > > > You should be able to see debug option I added in the sshd file I sent you. > No debug entries in /var/log/secure. Could it be that session call never gets out of pam_winbind, which is called in system-auth? I don't know. Adding debug to that pam entry on a F10 system here and logged in, I get the following in /var/log/secure (omitting the timestamp and hostname prefix): sshd[3745]: pam_selinux(sshd:session): Open Session sshd[3745]: pam_selinux(sshd:session): Username= sds SELinux User = unconfined_u Level= s0 sshd[3745]: pam_selinux(sshd:session): Selected Security Context unconfined_u:unconfined_r:unconfined_t:s0 sshd[3745]: pam_selinux(sshd:session): Checking if unconfined_u:unconfined_r:unconfined_t:s0 mls range valid for unconfined_u:unconfined_r:unconfined_t:s0 sshd[3745]: pam_selinux(sshd:session): set sds security context to unconfined_u:unconfined_r:unconfined_t:s0 sshd[3745]: pam_selinux(sshd:session): set sds key creation context to unconfined_u:unconfined_r:unconfined_t:s0 sshd[3745]: pam_selinux(sshd:session): Close Session -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
