-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/23/2011 12:30 PM, Guido Trentalancia wrote: > On Fri, 2011-09-16 at 11:58 -0400, Daniel J Walsh wrote: >> On 09/16/2011 11:22 AM, Justin P. Mattock wrote: >>> On 09/16/2011 07:59 AM, Daniel J Walsh wrote: >>>> ps -eZ |grep sshd >>> I dont have sshd running, but here is ps auxZ to give you an >>> idea of what I am seeing: http://fpaste.org/u6IB/ >>> >>> if I adjust /etc/pam.d/login and add select_context to >>> pam_selinux.so then do init 3 in lilo I am able to have the >>> context justin:staff_r:staff_t:s0 the way it should. but as >>> soon as I init 5 gdm starts up, and everything goes back to >>> name:staff_r:insmod_t:s0 >>> >>> I think I am either missing a boolean to have the transisiton >>> runing properly, and/or pam.d or some config file somewhere >>> needs to be adjusted. keep in mind refpolicy has no patches >>> added to it(not sure if I need any for systemd), just plain git >>> pull etc... >>> >>> Justin P. Mattock >> Well since you don't have a init_t running, I think your problem >> starts there. Looks like your system is badly mislabeled or >> something in init is broken. I take it this is not a Red Hat >> Based OS? > > I'd actually like to take this opportunity to stress once again > that in my opinion the system boot/init process should fail > irreversibly as soon as the init process has failed to transition > to its own designated context from the initial kernel context. > > Regards, > > Guido > > > -- This message was distributed to subscribers of the selinux > mailing list. If you no longer wish to subscribe, send mail to > majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" > without quotes as the message. > > Well it does crash if you are in enforcing mode on RHEL and Fedora boxes. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk58xB4ACgkQrlYvE4MpobOknQCgvZvYJt8MWanDw1B64Ch7pcfk TXQAoLu6vU0y6Bk7wj8oTE4anrnArCXM =ztXT -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
