On 11/13/12 10:40, Daniel J Walsh wrote: > On 11/13/2012 11:37 AM, Erinn Looney-Triggs wrote: >> Been trying to figure this one out for a bit. > >> erinn@thin-mint ~ $ id -Z guest_u:guest_r:oddjob_mkhomedir_t:s0 > >> Fine, well not fine, but given that the homedir was created by oddjob since >> this is an IPA client, it makes sense. > >> However: > >> erinn@thin-mint ~ $ sudo semanage login -l > >> Login Name SELinux User MLS/MCS Range > > >> __default__ unconfined_u s0-s0:c0.c1023 > >> erinn unconfined_u s0-s0:c0.c1023 > >> root unconfined_u s0-s0:c0.c1023 > >> system_u system_u s0-s0:c0.c1023 > > >> Ok so I should be an unconfined-U according to this mapping, right? > >> Is this perhaps SSSD interfering? This F18 client is running against a RHEL >> 6.3 IPA server, fully updated. I tried to work with the SELinux mappings in >> IPA, however, I was informed that as of 6.3 they are almost totally broken >> and to wait for the next release. > >> Anyway, any ideas? > >> -Erinn > > > >> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/selinux > > > > Well O have no idea, first make sure your login program has the correct label. > > Well hell Dan if you don't know I might be in some serious trouble ;). ls -lZ $(which gdm) -rwxr-xr-x. root root system_u:object_r:xdm_exec_t:s0 /usr/sbin/gdm I did a relabel of the entire file system just to make sure, still came up as guest_u. Though interestingly, to me at least, it relabelled a bunch of files in my homedir unconfined_u, though not all of them. I haven't done any customization of SELinux on this system, this was a straight clean install of Fedora 18 Alpha. Any other theories? -Erinn
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
