On Wed, 2007-12-26 at 16:01 -0700, Peter A. Bigot wrote:
> This patch appears necessary to get the reference policy to run on Fedora
> 8. Without it attempts to login on the console get:
>
> type=SYSCALL msg=audit(12/26/2007 15:03:13.840:126) : arch=i386 syscall=write success=no exit=-1(Operation not permitted) a0=4 a1=bff0a630 a2=1 a3=1 items=0 ppid=1 pid=2221 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=tty2 comm=login exe=/bin/login subj=system_u:system_r:local_login_t:s0-s15:c0.c255 key=(null)
> type=AVC msg=audit(12/26/2007 15:03:13.840:126) : avc: denied { audit_control } for pid=2221 comm=login capability=audit_control scontext=system_u:system_r:local_login_t:s0-s15:c0.c255 tcontext=system_u:system_r:local_login_t:s0-s15:c0.c255 tclass=capability
>
> The basic fix was previously submitted by Dan Walsh to the SELinux mailing
> list on 14 Apr 2005, noting that pam_loginuid required this capability. If
> subsequently another way to work around this was preferred, please let me
> know; I'm extremely new to SELinux and am still fumbling.
The rule is in auth_login_pgm_domain() but was mistakenly commented out.
I have uncommented it in trunk.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
