1 |
On Wed, 2004-04-28 at 09:54, Ed Wildgoose wrote: |
2 |
> Chris PeBenito wrote: |
3 |
> >On Wed, 2004-04-28 at 07:58, Ed Wildgoose wrote: |
4 |
> > |
5 |
> > |
6 |
> >>Oh dear. I can't log into my new selinux system. Keeps saying it can't |
7 |
> >>find a context for root, and would I like to enter a security |
8 |
> >>context.... |
9 |
> |
10 |
> On a session which is *still* logged in from before this started, I get |
11 |
> something similar to your results. The difference is that Current |
12 |
> context is system_u:system_r:kernel_t and Controlling term is |
13 |
> system_u:object_r:tty_device_t (I'm logged in as the default root user |
14 |
> by the way) |
15 |
> |
16 |
> I hear what you say, about login contexts, but I'm still not sure where |
17 |
> to look to fix this? How does se search for a users context? Any help |
18 |
> really appreciated (pointers to the docs I should have read will also be |
19 |
> appreciated!) I'm also not sure what I did that started this... It may |
20 |
> have been something I emerged...? |
21 |
|
22 |
Login contexts are determined by the running policy, so login gets them |
23 |
by requesting them through selinuxfs (/selinux). So to correctly login |
24 |
locally you need: |
25 |
|
26 |
1. correctly setup policy |
27 |
2. agetty is in getty_t |
28 |
3. /bin/login is login_exec_t |
29 |
4. selinuxfs is mounted |
30 |
|
31 |
These aren't all the requirements, but the ones that are needed to get |
32 |
login contexts. ps -AZ and look at all the agetty's to make sure |
33 |
they're all running in the right context (since sestatus only shows |
34 |
one). But since your logged in the kernel_t context, and your |
35 |
controlling term is wrong, you should probably restart, so everything |
36 |
can get into the right context. |
37 |
|
38 |
-- |
39 |
Chris PeBenito |
40 |
<pebenito@g.o> |
41 |
Developer, |
42 |
Hardened Gentoo Linux |
43 |
Embedded Gentoo Linux |
44 |
|
45 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
46 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |