| 1 |
On 02/27/12 23:57, Hinnerk van Bruinehsen wrote: |
| 2 |
> On 27.02.2012 21:15, Sven Vermeulen wrote: |
| 3 |
> > On Mon, Feb 27, 2012 at 09:53:41PM +0200, Cor Legmaat wrote: |
| 4 |
> >>>> This is what I get with gnome-terminal: |
| 5 |
> >>>>> cor@k53s ~ $ id -Z system_u:system_r:initrc_t cor@k53s ~ $ |
| 6 |
> >>>>> ssh 127.0.0.1 Last login: Mon Feb 27 20:01:41 SAST 2012 |
| 7 |
> >>>>> from k53s.cor.za.net on pts/1 cor@k53s ~ $ id -Z |
| 8 |
> >>>>> staff_u:staff_r:staff_t |
| 9 |
> > [...] |
| 10 |
> |
| 11 |
> > Hmm, being in initrc_t isn't correct either; I'd at least expect it |
| 12 |
> > to be xdm_t. |
| 13 |
> |
| 14 |
> > Can you check the file context of your gdm binary? |
| 15 |
> |
| 16 |
> > ~# ls -Z /usr/sbin/gdm |
| 17 |
> |
| 18 |
> > It should be xdm_exec_t (yes, xdm_exec_t, not gdm_exec_t). If not, |
| 19 |
> > set it that way (and tell me which path the binary is at so I can |
| 20 |
> > update the policy). |
| 21 |
> |
| 22 |
> > ~# chcon -t xdm_exec_t /usr/sbin/gdm |
| 23 |
> |
| 24 |
> > If the system complains about an unknown type, make sure you have |
| 25 |
> > the xserver module loaded: |
| 26 |
> |
| 27 |
> > ~# emerge selinux-xserver ~# semodule -l | grep xserver ~# rlpkg |
| 28 |
> > gdm ~# ls -Z /usr/sbin/gdm |
| 29 |
> |
| 30 |
> > Wkr, Sven Vermeulen |
| 31 |
> |
| 32 |
> |
| 33 |
> If have had problems with this myself. Making pam_selinux.so required |
| 34 |
> in the gdm pam file changed it for me most of the time. |
| 35 |
> Sometimes I seem to hit some kind of race condition though which |
| 36 |
> requires me to restart xdm before getting the right context. It's kind |
| 37 |
> of anoying... |
| 38 |
> |
| 39 |
~ #ls -Z /usr/sbin/gdm |
| 40 |
system_u:object_r:bin_t /usr/sbin/gdm |
| 41 |
|
| 42 |
selinux-xserver wasn't installed, I installed it now. |
| 43 |
|
| 44 |
~ #semodule -l | grep xserver |
| 45 |
xserver 3.6.0 |
| 46 |
~ #ls -Z /usr/sbin/gdm |
| 47 |
system_u:object_r:bin_t /usr/sbin/gdm |
| 48 |
|
| 49 |
~ #chcon -t xdm_exec_t /usr/sbin/gdm |
| 50 |
~ #ls -Z /usr/sbin/gdm |
| 51 |
system_u:object_r:bin_t /usr/sbin/gdm |
| 52 |
|
| 53 |
~ # rlpkg gdm |
| 54 |
Relabeling: gnome-base/gdm-3.2.1.1-r2 |
| 55 |
/sbin/restorecon: lstat(/var/run/gdm/greeter) failed: No such file or |
| 56 |
directory |
| 57 |
Error relabeling: 256 |
| 58 |
|
| 59 |
after that with gnome-terminal: |
| 60 |
~ # id -Z |
| 61 |
system_u:system_r:xdm_t |
| 62 |
|
| 63 |
Also made pam_selinux.so required but that didn't change any thing. |
| 64 |
|
| 65 |
Regards: |
| 66 |
Cor |
Archives