SELinux default contexts and PAM session?

From: Brian Ginn <BGinn_at_nospam>
Date: Fri May 15 2009 - 21:47:50 GMT
To: "'fedora-selinux-list@redhat.com'" <fedora-selinux-list@redhat.com>

I have a server app that runs from xinetd.

This server's job is to exec a program.

This app is not yet confined by SELinux policy.

When I use PAM session service, audit.log shows:

type=USER_ROLE_CHANGE msg=audit(1242413723.389:14866): user pid=24149 uid=0 auid=0 subj=system_u:system_r:inetd_t:s0-s0:c0.c1023 msg='pam: default-context=root:system_r:amanda_t:s0-s0:c0.c1023 selected-context=root:system_r:amanda_t:s0-s0:c0.c1023: exe="/usr/sbin/myserverd" (hostname=?, addr=?, terminal=ptmx res=success)'

Somehow, SELinux is deciding that the default context should be ...amanda_t... How is that decision made?
Can I create a more correct context (that will be recognized as the default context) without confining the server?

Thanks,
Brian

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

This message: [ Message body ]
Next message: Brian Ginn: "RE: network failures maybe SELinux related?"
Previous message: Brian Ginn: "network failures maybe SELinux related?"
Next in thread: Daniel J Walsh: "Re: SELinux default contexts and PAM session?"
Reply: Daniel J Walsh: "Re: SELinux default contexts and PAM session?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]