I just installed the latest SELinux stuff from the hardened-development overlay
onto my laptop, currently using the targeted profile (though I've also switched
to strict and relabelled everything, same effect).

When logging in via a display manager, either kdm or gdm, the login session is
not switching to the proper security context. Everything is running as
system_u:system_r:xdm_t, including my own login context. I rebuilt gdm after
switching profiles, so it has USE=selinux; I didn't see a similar USE flag for
kdm.

This is the first time I've tried Gentoo+SELinux on a non-server in a long time
so I'm possibly missing something important. Is there something obvious I
should check for?

kutulu@platypus ~ $ ls -Z `which kdm`
system_u:object_r:xdm_exec_t /usr/bin/kdm
kutulu@platypus ~ $ ls -Z `which gdm-binary`
system_u:object_r:xdm_exec_t /usr/sbin/gdm-binary
kutulu@platypus ~ $ ps xZ
LABEL PID TTY STAT TIME COMMAND
system_u:system_r:xdm_t 14234 ? Ss 0:00 /bin/sh /usr/bin/startkde
system_u:system_r:xdm_t 14298 ? S 0:00 dbus-launch --sh-syntax --exit-with-session
system_u:system_r:xdm_t 14299 ? Ssl 0:03 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
system_u:system_r:xdm_t 14306 ? Ss 0:00 kdeinit4: kdeinit4 Running...
system_u:system_r:xdm_t 14307 ? S 0:00 kdeinit4: klauncher [kdeinit] --fd=8
system_u:system_r:xdm_t 14309 ? Sl 0:01 kdeinit4: kded4 [kdeinit]
system_u:system_r:xdm_t 14320 ? S 0:00 kdeinit4: kglobalaccel [kdeinit]
system_u:system_r:xdm_t 14327 ? S 0:00 kwrapper4 ksmserver
system_u:system_r:xdm_t 14343 ? Sl 0:00 kdeinit4: ksmserver [kdeinit]
[...]
kutulu@platypus ~ $ id -Z
system_u:system_r:xdm_t
kutulu@platypus ~ $ ps axZ | grep kdm
system_u:system_r:xdm_t 2920 ? Ss 0:00 /usr/bin/kdm
kutulu@platypus ~ $ ps axZ | grep X
system_u:system_r:xserver_t 2939 tty7 Ss+ 1:16 /usr/bin/X -br -novtswitch -quiet :0 vt7 -nolisten tcp -auth /var/run/xauth/A:0-8zHr3b