My original problem was With the default pam options, pam_selinux is
unable to get the user context, during login it would default to
system_u:system_r:local_login_t context. I got around this problem for
some time by changing /etc/pam.d/login line to
Session required pam_selinux.so open verbose select_context
I found in the mailing list archives to update to pam-0.1.99.6.2-3.26.el5.i386.rpm
I did this as well as updating my reference policy to the latest on the Tresys site.
I am now running into the problem below:
I am logging in via console, what I have found is this:
I have selinux_compat_net=1 in my grub.conf file. If I remove this
from the file I can indeed login with the latest reference policy and
pam-0.1.99.6.2-3.26.el5.i386.rpm.
But I, of course, need to use legacy packet control. I have been
searching around online and see that I can bypass doing this at boot
and possibly set compat_net at runtime. I am wondering why having this
on boot would cause login problems, I don't see the connection.
I am trying to see if I have the same problem when I set compat_net
during runtime.
Thanks in advance for any input,
-K
This email message is for the sole use of the intended recipient(s) and may contain GDC4S confidential or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not an intended recipient, please contact the sender by reply email and destroy all copies of the original message.
