On Sun, Oct 12, 2008 at 2:54 AM, Russell Coker <russell@xxxxxxxxxxxx> wrote: > On Sunday 12 October 2008 14:56, "Justin Mattock" <justinmattock@xxxxxxxxx> > wrote: >> Hello; for a while I've been using nubuntu,but now have decided >> to try a full loaded O.S. when using nubuntu there is no automatic >> gnome-desktop-manager, normally just a login then choosing a context, >> then startx. >> Now with ubuntu there's an automatic login screen with bells and whistles, >> what is the best way to add pam_selinux.so so I can choose my context, >> or should I adjust the policy to start in sysadm_r as the default >> instead of user_r? > > Some of the *dm programs have SE Linux support merged (like sshd) so you don't > need pam_selinux.so (it may cause problems). Some of them don't have SE > Linux code and therefore do need pam_selinux.so. Some of them might have the > old version of the code in which case the login->user mapping isn't done and > things will go wrong (best not to use it in that case). > > Run ldd and check for libselinux.so, if it's there then you don't want > pam_selinux.so - so it's a matter of testing whether the code in question is > new enough. If there is no libselinux.so then you can safely use > pam_selinux.so. > > Some of the daemons have only recently been fixed in Lenny, so the broken > versions may still be in Ubuntu. > > -- > russell@xxxxxxxxxxxx > http://etbe.coker.com.au/ My Blog > > http://www.coker.com.au/sponsorship.html Sponsoring Free Software development > Cool, thanks for the info on this one, when doing ldd /usr/sbin/gdm there is libselinux when doing ldd /sbin/usplash there isn't. With this in mind I need to examine the order of operations(still shaky with how this mechanism works) i.g. during bootup gdm is called then after login there's a few second's of nothingness(orange color'ed screen) before the theme song and the rest of the goodies appear. when using pam_selinux.so I noticed when disabling gdm the options to choose the context was not there, until downgrading to sarge/lenny, then was prompted for a context to choose. but unfortunately /etc/init.d/gdm start after the boot process still leaves me in user_r. As for the list of packages I think these are all intrepid. -- Justin P. Mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
