Hi all, I enabled the SELINUX on my FedoraCore4, and test pam_selinux_check.c (distributed with Linux-PAM-0.99). However, it seems that it doesn't work, and I have no idea how to do next. The configuration steps about SELINUX: 1. After I installed my FC4, I set the SELINUX=enforcing in /etc/sysconfig/selinux; 2. reboot my system. It seems that SELINUX have take in effect, the FC4 checked and labeled the filesystem... Then, I configured the PAM in /etc/pam.d/. My steps are as following: 1. create a new PAM configuration file in /etc/pam.d/, named pam_selinux_check, and edited it as follows: session sufficient pam_selinux.so 2. compile the pam_selinux_check.c OK. Now I tested the pam_selinux_check and want to see some work details about SELINUX. # ./pam_selinux_check # /* <-- nothing happen */ Again, test it with a parameter # ./pam_selinux_check tom # /* <-- nothing happed too */ did it righ? I don't know what I have missed in my configuring the selinux and pam. Maybe, one of the missing is that I just set enforcing in /etc/sysconfig/selinux, not together with setting SELINUXTYPE=strict. However, when I set SELINUXTYPE=strict, I got a error message at booting and system dump. The error message said, I have set nothing about strict policy. But I don't know how to install strict policy. I just test the functionalities about selinux MAC enforcement, so where can I download a simple strict policy, and how to install in my FC4+SELINUX? As for PAM, it seems the configuration file is right, since I found the pam_selinux.so only built the PAM session hooks. I don't know what wrong with it, could anybody give me some advices? Thanks in advance, Ian _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
