On 19/03/07 21:53, Sune Vuorela wrote: > On Monday 19 March 2007, Martin Orr wrote: >> When I log in to kdm, I get thrown straight back to the kdm greeter without >> any error messages. >> >> I have selinux on this box, in permissive mode. If I boot with selinux >> disabled or with pam_selinux.so commented out in /etc/pam.d/common-session, >> then I can log in fine. >> >> Log in works fine with kdm and kdebase-bin 4:3.5.6.dfsg.1-1, even with >> selinux enabled. Sorry, I meant to say here that it works with 4:3.5.5a.dfsg.1-6 in unstable. 3.5.6.dfsg.1-1 does not work. Having had a look at the source code I have discovered that this is because 3.5.6 checks the return value of pam_open_session while older versions just ignore it. In fact pam_selinux fails with either version, leaving the context of my processes as system_u:system_r:initrc_t. However, kdm is also running in this context, which isn't right; so it looks like the bug is in my selinux policy rather than in kdm. > Please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249784 (and ignore > the bug submitters bad attitude) > > There is a patch that might work, but I am currently a bit too clueless about > SElinux to accept that patch - and I don't have much faith in the submitter. Well I'll take a look at it, but I don't know that much about selinux myself either. Thanks, -- Martin Orr
Attachment:
signature.asc
Description: OpenPGP digital signature