| Main Archive Page > Month Archives > selinux archives |
Re: SELinux and Linux user mapping
From: Christopher J. PeBenito <cpebenito_at_nospam>Date: Tue Feb 05 2008 - 19:47:40 GMT
To: "Stefan Schulze Frielinghaus" <stefan@seekline.net>
On Tue, 2008-02-05 at 20:05 +0100, Stefan Schulze Frielinghaus wrote:
> Since my last upgrade to refpolicy-20071214 whenever I try to login with
> my username I'm in the default role (user).
>
> $ semanage login -l
> [...]
> stefan staff_u
>
> But:
>
> $ id
> uid=1000(stefan) gid=1000(stefan) groups=1000(stefan)
> context=user_u:user_r:user_t
>
> I tried to login locally and remote via ssh. No AVCs are generated or
> whatever. Did I miss something? That's really strange. Did something
> change in the past?
>
> Also other users are always logged in as user_u and not e.g. staff_u
> (enforcing or permissive mode does not change anything).
> I'm using Debian (testing).
I believe debian is using the openssh that has a broken configure script (4.7) which improperly detects getseuserbyname() (it doesnt do -lselinux on the compile test thus it always fails). Debian might possibly be using an old pam patch that doesn't use getseuserbyname(). But these behavior changes wouldn't be tied to a policy change, unless you previously had selinux users which corresponded to your linux user and they were removed with the new policy. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.