On Mon, 2008-06-23 at 21:15 +0200, Stefan Schulze Frielinghaus wrote:
> Attached patch solves a problem of local logins while using pam_mount.
> In xserver.te GDM already has this permission to
> manage /var/run/pam_mount. Therefore GDM logins which use pam_mount to
> e.g. decrypt a partition work. But local logins do not.
>
> I also had a lot of strange { getattr search } requests of mount. I
> dontaudit everyone and the login still works. I'm not sure if we should
> add these ones to mount_t:
>
> domain_dontaudit_search_all_domains_state(mount_t)
> dontaudit mount_t pam_var_console_t:file write;
> dontaudit mount_t self:process ptrace;
> dontaudit mount_t proc_net_t:lnk_file read;
>
> Nevertheless with the attached patch local logins via pam_mount work.
>
> I cc'd Dan in the hope that he will add the patch to the upstream policy
> of Fedora. Then I don't have to install a local policy for every
> installation. Lazy me ;-)

Merged.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150