Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/
Date: Thu, 05 Apr 2012 18:51:40
Message-Id: 1333651706.aa8b3763c5c94be4e0bce63547b89fc73065f667.SwifT@gentoo
1 commit: aa8b3763c5c94be4e0bce63547b89fc73065f667
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Thu Apr 5 18:48:26 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Thu Apr 5 18:48:26 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=aa8b3763
7
8 Add information on XDM and other support
9
10 ---
11 xml/selinux-faq.xml | 34 ++++++++++++++++++++++++++++++++--
12 1 files changed, 32 insertions(+), 2 deletions(-)
13
14 diff --git a/xml/selinux-faq.xml b/xml/selinux-faq.xml
15 index 62c2c28..965adca 100644
16 --- a/xml/selinux-faq.xml
17 +++ b/xml/selinux-faq.xml
18 @@ -17,8 +17,8 @@ The FAQ is a collection of solutions found on IRC, mailinglist, forums or
19 elsewhere
20 </abstract>
21
22 -<version>20</version>
23 -<date>2012-02-26</date>
24 +<version>21</version>
25 +<date>2012-04-05</date>
26
27 <faqindex>
28 <title>Questions</title>
29 @@ -862,5 +862,35 @@ When enabled, enforcing mode cannot be disabled anymore (until you reboot).
30
31 </body>
32 </section>
33 +<section id="xdm">
34 +<title>Logons through xdm (or similar) fail</title>
35 +<body>
36 +
37 +<p>
38 +If you log on through xdm, gdm, kdm, slim or any other graphical logon manager,
39 +you might notice in permissive mode that your context is off, and in enforcing
40 +mode that you just cannot log on.
41 +</p>
42 +
43 +<p>
44 +The reason of this is that PAM needs to be configured to include SELinux
45 +awareness in your session handling:
46 +</p>
47 +
48 +<pre caption="Updating pam setting for gdm">
49 +...
50 +session required pam_loginuid.so
51 +session optional pam_console.so
52 +<i>session optional pam_selinux.so</i>
53 +</pre>
54 +
55 +<p>
56 +Replicate the calls towards <path>pam_selinux.so</path> in the various
57 +<path>/etc/pam.d/gdm*</path> files (or similar depending on your graphical
58 +logon manager).
59 +</p>
60 +
61 +</body>
62 +</section>
63 </chapter>
64 </guide>
Report Message
Find on MARC Find on Google Groups