| 1 |
Chris PeBenito wrote: |
| 2 |
|
| 3 |
>On Wed, 2004-04-28 at 07:58, Ed Wildgoose wrote: |
| 4 |
> |
| 5 |
> |
| 6 |
>>Oh dear. I can't log into my new selinux system. Keeps saying it can't |
| 7 |
>>find a context for root, and would I like to enter a security |
| 8 |
>>context.... Obviously I saw the note about this situation in the FAQ, |
| 9 |
>>and have reloaded the entire policy and relabeled the entire fs a few |
| 10 |
>>times. Any pointers on what is happening here please? (It's not in |
| 11 |
>>enforcing mode, so why is this happening at all?) |
| 12 |
>> |
| 13 |
>> |
| 14 |
> |
| 15 |
>This happens because regardless of permissive/enforcing, the security |
| 16 |
>functions that tell login what a user's login contexts are, always work |
| 17 |
>the same. If login isn't in the right context, then it won't return any |
| 18 |
>contexts. I wrote sestatus for these situations; run sestatus -v, and |
| 19 |
>the contexts should look like this: |
| 20 |
> |
| 21 |
>Process contexts: |
| 22 |
>Current context: pebenito:sysadm_r:sysadm_t |
| 23 |
>Init context: system_u:system_r:init_t |
| 24 |
>/sbin/mingetty system_u:system_r:getty_t |
| 25 |
>/sbin/agetty system_u:system_r:getty_t |
| 26 |
>/usr/sbin/sshd system_u:system_r:sshd_t |
| 27 |
> |
| 28 |
>File contexts: |
| 29 |
>Controlling term: pebenito:object_r:sysadm_devpts_t |
| 30 |
>/etc/passwd system_u:object_r:etc_t |
| 31 |
>/etc/shadow system_u:object_r:shadow_t |
| 32 |
>/bin/bash system_u:object_r:shell_exec_t |
| 33 |
>/bin/login system_u:object_r:login_exec_t |
| 34 |
>/bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t |
| 35 |
>/sbin/agetty system_u:object_r:getty_exec_t |
| 36 |
>/sbin/init system_u:object_r:init_exec_t |
| 37 |
>/sbin/mingetty system_u:object_r:getty_exec_t |
| 38 |
>/usr/sbin/sshd system_u:object_r:sshd_exec_t |
| 39 |
>/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:shlib_t |
| 40 |
>/lib/ld.so.1 system_u:object_r:lib_t -> system_u:object_r:ld_so_t |
| 41 |
> |
| 42 |
> |
| 43 |
|
| 44 |
Hi Chris, |
| 45 |
|
| 46 |
On a session which is *still* logged in from before this started, I get |
| 47 |
something similar to your results. The difference is that Current |
| 48 |
context is system_u:system_r:kernel_t and Controlling term is |
| 49 |
system_u:object_r:tty_device_t (I'm logged in as the default root user |
| 50 |
by the way) |
| 51 |
|
| 52 |
I hear what you say, about login contexts, but I'm still not sure where |
| 53 |
to look to fix this? How does se search for a users context? Any help |
| 54 |
really appreciated (pointers to the docs I should have read will also be |
| 55 |
appreciated!) I'm also not sure what I did that started this... It may |
| 56 |
have been something I emerged...? |
| 57 |
|
| 58 |
Thanks |
| 59 |
|
| 60 |
Ed W |
| 61 |
|
| 62 |
-- |
| 63 |
gentoo-hardened@g.o mailing list |
Archives