Gentoo Archives: gentoo-hardened

From: Chris PeBenito <pebenito@g.o>
To: Ed Wildgoose <lists@××××××××××.com>
Cc: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Can't log into my selinux system
Date: Wed, 28 Apr 2004 16:52:35
Message-Id: 1083171150.345.34.camel@gorn.pebenito.net
In Reply to: Re: [gentoo-hardened] Can't log into my selinux system by Ed Wildgoose
On Wed, 2004-04-28 at 09:54, Ed Wildgoose wrote:
> Chris PeBenito wrote:
> >On Wed, 2004-04-28 at 07:58, Ed Wildgoose wrote:
> >
> >
> >>Oh dear. I can't log into my new selinux system. Keeps saying it can't
> >>find a context for root, and would I like to enter a security
> >>context....
>
> On a session which is *still* logged in from before this started, I get
> something similar to your results. The difference is that Current
> context is system_u:system_r:kernel_t and Controlling term is
> system_u:object_r:tty_device_t (I'm logged in as the default root user
> by the way)
>
> I hear what you say, about login contexts, but I'm still not sure where
> to look to fix this? How does se search for a user's context? Any help
> really appreciated (pointers to the docs I should have read will also be
> appreciated!) I'm also not sure what I did that started this... It may
> have been something I emerged...?

Login contexts are determined by the running policy, so login gets them
by requesting them through selinuxfs (/selinux). So to correctly log in
locally you need:

1. correctly set up policy
2. agetty is in getty_t
3. /bin/login is login_exec_t
4. selinuxfs is mounted

These aren't all the requirements, but the ones that are needed to get
login contexts. ps -AZ and look at all the agetty's to make sure
they're all running in the right context (since sestatus only shows
one). But since you're logged in in the kernel_t context, and your
controlling term is wrong, you should probably restart, so everything
can get into the right context.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
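
Items 2 to 4 of the list in the message above can be checked mechanically. The script below is an added example and not part of the original message; the function names and the sample data are constructed, and it assumes the usual column layouts of `ps -AZ`, `ls -Z` and `/proc/mounts`.

```shell
#!/bin/sh
# Added example: checks items 2-4 from the message. Each helper reads command
# output on stdin, so it works on live output or on saved text.

# Reads `ps -AZ`; prints every agetty line whose domain is not getty_t.
agetty_wrong_domain() {
    awk '$NF == "agetty" { split($1, c, ":"); if (c[3] != "getty_t") print }'
}

# Reads `ls -Z /bin/login`; succeeds if any field is a context of type login_exec_t.
login_label_ok() {
    awk '{ for (i = 1; i <= NF; i++) if (split($i, c, ":") >= 3 && c[3] == "login_exec_t") ok = 1 }
         END { exit !ok }'
}

# Reads /proc/mounts; succeeds if a filesystem of type selinuxfs is mounted.
selinuxfs_mounted() {
    awk '$3 == "selinuxfs" { found = 1 } END { exit !found }'
}

# Args: ps text, ls text, mounts text. Returns the number of failed checks.
check_login_prereqs() {
    fails=0
    bad=$(printf '%s\n' "$1" | agetty_wrong_domain)
    if [ -n "$bad" ]; then
        echo "FAIL agetty outside getty_t:"; echo "$bad"; fails=$((fails + 1))
    fi
    printf '%s\n' "$2" | login_label_ok ||
        { echo "FAIL /bin/login is not login_exec_t"; fails=$((fails + 1)); }
    printf '%s\n' "$3" | selinuxfs_mounted ||
        { echo "FAIL selinuxfs is not mounted"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample data (not from the thread): the agetty on tty2 is in kernel_t.
SAMPLE_PS='LABEL                        PID TTY      TIME     CMD
system_u:system_r:getty_t    345 tty1     00:00:00 agetty
system_u:system_r:kernel_t   346 tty2     00:00:00 agetty'
SAMPLE_LS='system_u:object_r:login_exec_t /bin/login'
SAMPLE_MOUNTS='none /selinux selinuxfs rw 0 0'

check_login_prereqs "$SAMPLE_PS" "$SAMPLE_LS" "$SAMPLE_MOUNTS" ||
    echo "$? check(s) failed"
# Live use: check_login_prereqs "$(ps -AZ)" "$(ls -Z /bin/login)" "$(cat /proc/mounts)"
```

Item 1, a correctly set up policy, is not covered by these checks, and a system with no agetty process at all passes the first one.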

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-hardened] Can't log into my selinux system Ed Wildgoose <lists@××××××××××.com>