fedora-selinux May 2009 archive
fedora-selinux: Re: SELinux default contexts and PAM session?

Re: SELinux default contexts and PAM session?

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Sat May 16 2009 - 11:59:25 GMT
To: Brian Ginn <BGinn@symark.com>


On 05/15/2009 05:47 PM, Brian Ginn wrote:
> I have a server app that runs from xinetd.
>
> This server's job is to exec a program.
>
> This app is not yet confined by SELinux policy.
>
>
> When I use PAM session service, audit.log shows:
>
> type=USER_ROLE_CHANGE msg=audit(1242413723.389:14866): user pid=24149 uid=0 auid=0 subj=system_u:system_r:inetd_t:s0-s0:c0.c1023 msg='pam: default-context=root:system_r:amanda_t:s0-s0:c0.c1023 selected-context=root:system_r:amanda_t:s0-s0:c0.c1023: exe="/usr/sbin/myserverd" (hostname=?, addr=?, terminal=ptmx res=success)'
>
> Somehow, SELinux is deciding that the default context should be ...amanda_t...
> How is that decision made?
> Can I create a more correct context (that will be recognized as the default context) without confining the server?
>
>
>
> Thanks,
> Brian
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

I have no idea what this is, but is there a pam_selinux somewhere being called in your pam stack?

pam_selinux is used for assigning user domains and it is obviously confused.
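The check the reply asks for, as an added example that is not part of the original thread: it pulls the calling domain and the contexts out of the USER_ROLE_CHANGE record quoted in the question, then walks a PAM service file's session stack (following `include` and `substack`) to find where pam_selinux is called. The service name `myserverd`, the `remote-session` file and all PAM file contents are constructed assumptions; only the audit record comes from the post.

```python
import re

# Audit record quoted in the question above.
RECORD = (
    "type=USER_ROLE_CHANGE msg=audit(1242413723.389:14866): user pid=24149 uid=0 "
    "auid=0 subj=system_u:system_r:inetd_t:s0-s0:c0.c1023 msg='pam: "
    "default-context=root:system_r:amanda_t:s0-s0:c0.c1023 "
    "selected-context=root:system_r:amanda_t:s0-s0:c0.c1023: "
    "exe=\"/usr/sbin/myserverd\" (hostname=?, addr=?, terminal=ptmx res=success)'"
)
# Constructed PAM service files (names and contents are assumptions).
PAM_FILES = {
    "myserverd": "auth include system-auth\nsession include remote-session\n",
    "remote-session": "session required pam_selinux.so close\n"
                      "session required pam_loginuid.so\n"
                      "session required pam_selinux.so open\n",
    "system-auth": "auth sufficient pam_unix.so\n",
}
# type, control (plain word or [bracketed list]), then module path or include target
PAM_LINE = re.compile(r"^\s*-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_role_change(line):
    """Return subj, contexts and exe from a USER_ROLE_CHANGE record, else None."""
    if not line.startswith("type=USER_ROLE_CHANGE"):
        return None
    fields = {}
    for key in ("subj", "default-context", "selected-context", "exe"):
        m = re.search(r"\b" + re.escape(key) + r"=(\S+)", line)
        fields[key] = m.group(1).rstrip(":").strip('"') if m else None
    return fields

def domain(context):
    """Type field of a user:role:type:range context."""
    return context.split(":")[2]

def pam_selinux_calls(service, files, seen=None):
    """List (file, line) session entries that run pam_selinux, following includes."""
    seen = set() if seen is None else seen
    if service in seen or service not in files:
        return []
    seen.add(service)
    hits = []
    for raw in files[service].splitlines():
        m = PAM_LINE.match(raw.split("#", 1)[0])
        if not m or m.group(1) != "session":
            continue
        if m.group(2) in ("include", "substack"):
            hits += pam_selinux_calls(m.group(3), files, seen)
        elif m.group(3).rsplit("/", 1)[-1] == "pam_selinux.so":
            hits.append((service, raw.strip()))
    return hits
```

On a real host, load `PAM_FILES` from the files under `/etc/pam.d/` and pass the service name the daemon hands to `pam_start()`.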