fedora-selinux March 2011 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: i get this on rawhide.

Re: i get this on rawhide.

From: Dominick Grift <domg472_at_nospam>
Date: Wed Mar 30 2011 - 18:18:35 GMT
To: selinux <selinux@lists.fedoraproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/30/2011 08:07 PM, Dominick Grift wrote:
> On 03/30/2011 07:56 PM, Dominick Grift wrote:
>> $ sesearch --allow -SC -T | grep unconfined_login
>> ERROR: policydb version 25 does not match my version range 15-24
>> ERROR: Unable to open policy /etc/selinux/targeted/policy/policy.25.
>> ERROR: Success
>
>> by the way: looks like if i set unconfined_login to off that then
>> sulogin_t is not allowed to execute shell_exec_t?
>
> i meant on instead of off, i think its because my root was mapped to
> unconfined_u: so at least that part of unconfined_login works.

ifdef(`enable_mls',`
        sysadm_shell_domtrans(sulogin_t)
',`
        optional_policy(`
                unconfined_shell_domtrans(sulogin_t)
        ')
')

should that not be:

sysadm_shell_domtrans(sulogin_t)

ifndef(`enable_mls`,'
    optional_policy(`
         unconfined_shell_domtrans(sulogin_t)
    ')
')

Because one can also map root to sysadm_u in targeted policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2Tc/sACgkQMlxVo39jgT8GBwCgwGeKGOJ9ukqeALi1PFcqSIKb
b6gAn3movTTIjh7zG6VYm6RosBT3gOP2
=+GSJ
-----END PGP SIGNATURE-----
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux