Another interesting thing is the following (seen with the debug option in pam_selinux), assuming that the Linux user is mat and the corresponding SELinux user is mat_u. During ssh login this happens:

Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): Open Session
Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): Open Session
Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): Username= mat SELinux User = mat_u Level= (null)
Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): set mat security context to mat_u:staff_r:staff_t
Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): set mat key creation context to mat_u:staff_r:staff_t

As we can see, the user mapping works as desired and the new chosen context should be all right => mat_u:staff_r:staff_t. But then, when I do an id -Z after successful login, the shell's context is context=user_u:user_r:user_t. Very strange....

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
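
A check for the discrepancy described in this message, as an added example that is not part of the original post: it pulls the context pam_selinux logged for a user out of the debug lines and compares it with the context the login shell reports. The function names `logged_context` and `check_login` are hypothetical, the sample log is constructed from the lines quoted above, and comparing only the `user:role:type` part is an assumption of this example.

```shell
#!/bin/sh
# Constructed sample: the pam_selinux debug lines quoted in the message.
SAMPLE_LOG='Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): Open Session
Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): Username= mat SELinux User = mat_u Level= (null)
Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): set mat security context to mat_u:staff_r:staff_t
Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): set mat key creation context to mat_u:staff_r:staff_t'

# logged_context USER (hypothetical helper; log text on stdin).
# Prints the last context from a "set USER security context to CTX" line.
# The "key creation context" line is skipped: it does not label the shell.
logged_context() {
    awk -v user="$1" '
        /pam_selinux\(/ {
            for (i = 1; i + 5 <= NF; i++)
                if ($i == "set" && $(i+1) == user && $(i+2) == "security" &&
                    $(i+3) == "context" && $(i+4) == "to")
                    ctx = $(i+5)
        }
        END {
            if (ctx == "") exit 1
            print ctx
        }'
}

# check_login USER ACTUAL_CONTEXT (hypothetical helper; log text on stdin).
# Assumption: only user:role:type is compared, so a level/range suffix such
# as ":s0" on either side does not cause a false mismatch.
# Returns 0 on match, 1 on mismatch, 2 if no context was logged for USER.
check_login() {
    want=$(logged_context "$1") || { echo "NOLOG"; return 2; }
    want=$(printf '%s\n' "$want" | cut -d: -f1-3)
    got=$(printf '%s\n' "$2" | cut -d: -f1-3)
    if [ "$want" = "$got" ]; then
        echo "MATCH $want"
    else
        echo "MISMATCH logged=$want actual=$got"
        return 1
    fi
}

# Replay the situation from the message: logged staff_t, shell reports user_t.
printf '%s\n' "$SAMPLE_LOG" | check_login mat "user_u:user_r:user_t" || true
```

On a live system, pipe the sshd log into `check_login "$USER" "$(id -Z)"` from the freshly opened session.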