You get the same effect even on targeted where your session should be
running as unconfined_u:unconfined_r:unconfined_t.

It's working with gnome. All processes from gnome-session and below run
as unconfined.

Looks like a bug. Can you please file it?

On 07/30/2011 09:05 PM, Mike Edenfield wrote:
> I just installed the latest SELinux stuff from the hardened-development overlay
> onto my laptop, currently using the targeted profile (though I've also switched
> to strict and relabelled everything, same effect).
>
> When logging in via a display manager, either kdm or gdm, the login session is
> not switching to the proper security context. Everything is running as
> system_u:system_r:xdm_t, including my own login context. I rebuilt gdm after
> switching profiles, so it has USE=selinux; I didn't see a similar USE flag for
> kdm.
>
> This is the first time I've tried Gentoo+SELinux on a non-server in a long time
> so I'm possibly missing something important. Is there something obvious I
> should check for?
>
> kutulu@platypus ~ $ ls -Z `which kdm`
> system_u:object_r:xdm_exec_t /usr/bin/kdm
> kutulu@platypus ~ $ ls -Z `which gdm-binary`
> system_u:object_r:xdm_exec_t /usr/sbin/gdm-binary
> kutulu@platypus ~ $ ps xZ
> LABEL PID TTY STAT TIME COMMAND
> system_u:system_r:xdm_t 14234 ? Ss 0:00 /bin/sh /usr/bin/startkde
> system_u:system_r:xdm_t 14298 ? S 0:00 dbus-launch --sh-syntax --exit-with-session
> system_u:system_r:xdm_t 14299 ? Ssl 0:03 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
> system_u:system_r:xdm_t 14306 ? Ss 0:00 kdeinit4: kdeinit4 Running...
> system_u:system_r:xdm_t 14307 ? S 0:00 kdeinit4: klauncher [kdeinit] --fd=8
> system_u:system_r:xdm_t 14309 ? Sl 0:01 kdeinit4: kded4 [kdeinit]
> system_u:system_r:xdm_t 14320 ? S 0:00 kdeinit4: kglobalaccel [kdeinit]
> system_u:system_r:xdm_t 14327 ? S 0:00 kwrapper4 ksmserver
> system_u:system_r:xdm_t 14343 ? Sl 0:00 kdeinit4: ksmserver [kdeinit]
> [...]
> kutulu@platypus ~ $ id -Z
> system_u:system_r:xdm_t
> kutulu@platypus ~ $ ps axZ | grep kdm
> system_u:system_r:xdm_t 2920 ? Ss 0:00 /usr/bin/kdm
> kutulu@platypus ~ $ ps axZ | grep X
> system_u:system_r:xserver_t 2939 tty7 Ss+ 1:16 /usr/bin/X -br -novtswitch -quiet :0 vt7 -nolisten tcp -auth /var/run/xauth/A:0-8zHr3b
>

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197