1 |
On Saturday, August 13, 2011 12:25:26 AM Sven Vermeulen wrote: |
2 |
> On Thu, Aug 11, 2011 at 7:25 PM, Udo Siewert <algenib@×××××××.com> wrote: |
3 |
> > /usr/bin/kdm system_u:object_r:xdm_exec_t |
4 |
> > /usr/bin/xdm system_u:object_r:xdm_exec_t |
5 |
> > |
6 |
> > When starting KDE by /etc/init.d/xdm 'id -Z' -> |
7 |
> > system_u:system_r:xdm_t |
8 |
> > |
9 |
> > and all KDE processes -> system_u:system_r:xdm_t |
10 |
> |
11 |
> Hmm... assuming xdm works through some PAM configuration, can you tell me |
12 |
> how /etc/conf.d/xdm (or kdm, gdm, whatever) looks like? |
13 |
> |
14 |
> If it doesn't source system-auth (which is where we put the pam_selinux.so |
15 |
> call in) that might be the reason... |
16 |
|
17 |
My system-auth doesn't have anything about SELinux in it. The pam_selinux.so |
18 |
calls are in system-login. This looks like what pambase is supposed to be |
19 |
doing. system-login.in has these: |
20 |
|
21 |
#if HAVE_SELINUX |
22 |
session required pam_selinux.so close |
23 |
#endif |
24 |
|
25 |
and system-auth.in doesn't. |
26 |
|
27 |
Which one should kdm/gdm be using? Right now /etc/pam.d/kde pulls in system- |
28 |
auth. Can I just move the pam_selinux calls? |
29 |
|
30 |
--Mike |