Christopher J. PeBenito wrote:
On Tue, 2008-06-17 at 10:55 -0500, Xavier Toth wrote:
On Tue, Jun 17, 2008 at 10:39 AM, Christopher J. PeBenito
<cpebenito@xxxxxxxxxx> wrote:
On Tue, 2008-06-17 at 09:46 -0500, Xavier Toth wrote:
I'm seeing AVCs related to netlink_audit_socket when the screen saver
dialog is run. gnome-screensaver-dialog opens a pam session which uses
pam_unix which in turn runs the unix_chkpwd helper. I'm thinking that
gnome-screensaver-dialog is going to need some policy including
possibly authlogin_common_auth_domain_template.
I'm not 100% clear, is the auditing happening from unix_chkpwd or the
screensaver proper?
I'm sure that it is unix_chkpwd that is auditing and not
gnome-screensaver-dialog.
Is gnome-screensaver-dialog not running the user domain?
I believe this is true.
I would have
expected that it was, and that when unix_chkpwd is run, that it
transitions to *_unix_chkpwd_t, which should be able to send audit
messages.
You know policy better than I, where is the policy for this?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
