-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/13/2012 01:54 PM, Erinn Looney-Triggs wrote: > On 11/13/12 10:40, Daniel J Walsh wrote: >> On 11/13/2012 11:37 AM, Erinn Looney-Triggs wrote: >>> Been trying to figure this one out for a bit. >> >>> erinn@thin-mint ~ $ id -Z guest_u:guest_r:oddjob_mkhomedir_t:s0 >> >>> Fine, well not fine, but given that the homedir was created by oddjob >>> since this is an IPA client, it makes sense. >> >>> However: >> >>> erinn@thin-mint ~ $ sudo semanage login -l >> >>> Login Name SELinux User MLS/MCS Range >> >> >>> __default__ unconfined_u s0-s0:c0.c1023 >> >>> erinn unconfined_u s0-s0:c0.c1023 >> >>> root unconfined_u s0-s0:c0.c1023 >> >>> system_u system_u s0-s0:c0.c1023 >> >> >>> Ok so I should be an unconfined-U according to this mapping, right? >> >>> Is this perhaps SSSD interfering? This F18 client is running against a >>> RHEL 6.3 IPA server, fully updated. I tried to work with the SELinux >>> mappings in IPA, however, I was informed that as of 6.3 they are almost >>> totally broken and to wait for the next release. >> >>> Anyway, any ideas? >> >>> -Erinn >> >> >> >>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/selinux >> >> >> >> Well O have no idea, first make sure your login program has the correct >> label. >> >> > > Well hell Dan if you don't know I might be in some serious trouble ;). > > ls -lZ $(which gdm) -rwxr-xr-x. root root system_u:object_r:xdm_exec_t:s0 > /usr/sbin/gdm > > I did a relabel of the entire file system just to make sure, still came up > as guest_u. Though interestingly, to me at least, it relabelled a bunch of > files in my homedir unconfined_u, though not all of them. > > I haven't done any customization of SELinux on this system, this was a > straight clean install of Fedora 18 Alpha. > > Any other theories? > > -Erinn > > > ps -eZ | grep gdm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCimCIACgkQrlYvE4MpobMqHQCeN3lkLE3y/p1JHm9g4Pn1AOdx O8AAoMZccNoqJ3UaB0fDiQKP5kS/hIjA =E2R4 -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
