[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#415481: Login fails with selinux

On 19/03/07 21:53, Sune Vuorela wrote:
> On Monday 19 March 2007, Martin Orr wrote:
>> When I log in to kdm, I get thrown straight back to the kdm greeter without
>> any error messages.
>> I have selinux on this box, in permissive mode.  If I boot with selinux
>> disabled or with pam_selinux.so commented out in /etc/pam.d/common-session,
>> then I can log in fine.
>> Log in works fine with kdm and kdebase-bin 4:3.5.6.dfsg.1-1, even with
>> selinux enabled.

Sorry, I meant to say here that it works with 4:3.5.5a.dfsg.1-6 in unstable.
  3.5.6.dfsg.1-1 does not work.  Having had a look at the source code I have
discovered that this is because 3.5.6 checks the return value of
pam_open_session while older versions just ignore it.

In fact pam_selinux fails with either version, leaving the context of my
processes as system_u:system_r:initrc_t.  However, kdm is also running in
this context, which isn't right; so it looks like the bug is in my selinux
policy rather than in kdm.

> Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249784 (and ignore 
> the bug submitters bad attitude)
> There is a patch that might work, but I am currently a bit too clueless about 
> SElinux to accept that patch - and I don't have much faith in the submitter.

Well I'll take a look at it, but I don't know that much about selinux myself


Martin Orr

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: