Re: SELinux and Linux user mapping

On Tue, 2008-02-05 at 20:05 +0100, Stefan Schulze Frielinghaus wrote:
> Since my last upgrade to refpolicy-20071214 whenever I try to login with
> my username I'm in the default role (user).
> 
> $ semanage login -l
> [...]
> stefan	staff_u
> 
> But:
> 
> $ id
> uid=1000(stefan) gid=1000(stefan) groups=1000(stefan)
> context=user_u:user_r:user_t
> 
> I tried to login locally and remote via ssh. No AVCs are generated or
> whatever. Did I miss something? That's really strange. Did something
> change in the past?
> 
> Also other users are always logged in as user_u and not e.g. staff_u
> (enforcing or permissive mode does not change anything).
> I'm using Debian (testing).

I believe Debian is using the openssh that has a broken configure script
(4.7) which improperly detects getseuserbyname() (it doesn't do -lselinux
on the compile test thus it always fails).  Debian might possibly be
using an old pam patch that doesn't use getseuserbyname().  But these
behavior changes wouldn't be tied to a policy change, unless you
previously had selinux users which corresponded to your linux user and
they were removed with the new policy.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
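
A check for the symptom discussed in this thread, as an added example that is not part of the original messages: it compares the SELinux user configured for a login in `semanage login -l` with the SELinux user of the session context reported by `id`. The sample input is constructed from the output quoted above; the `__default__` and `root` rows and all function names are assumptions.

```python
import re

# Constructed sample input, modelled on the output quoted in the thread.
# The __default__ and root rows are assumptions; only "stefan staff_u" is quoted.
SEMANAGE_LOGIN_L = """\
Login Name                SELinux User              MLS/MCS Range

__default__               user_u                    s0
root                      root                      s0
stefan                    staff_u                   s0
"""
ID_OUTPUT = """\
uid=1000(stefan) gid=1000(stefan) groups=1000(stefan)
context=user_u:user_r:user_t
"""


def parse_login_map(text):
    """Return {login name: SELinux user} from `semanage login -l` output."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and elisions such as "[...]".
        if len(fields) < 2 or line.startswith("Login Name"):
            continue
        mapping[fields[0]] = fields[1]  # %group rows are kept but never match a login
    return mapping


def parse_id(text):
    """Return (login name, SELinux user of the session) from `id` output."""
    user = re.search(r"uid=\d+\(([^)]+)\)", text)
    context = re.search(r"context=(\S+)", text)
    if not user or not context:
        raise ValueError("id output lacks a uid or context field")
    return user.group(1), context.group(1).split(":")[0]


def check_login(semanage_text, id_text):
    """Compare the configured SELinux user for a login with the session's."""
    mapping = parse_login_map(semanage_text)
    login, actual = parse_id(id_text)
    default = mapping.get("__default__")
    expected = mapping.get(login, default)
    return {
        "login": login, "expected": expected, "actual": actual, "ok": expected == actual,
        # Symptom from the thread: explicit mapping exists, session got the default.
        "ignored_mapping": login in mapping and actual != expected and actual == default,
    }
```

Calling `check_login(SEMANAGE_LOGIN_L, ID_OUTPUT)` on the sample reports the mismatch; on a live system, pass it the real output of both commands captured from a fresh login session.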


