not relabeling "/dev/:0".
Daniel J Walsh
dwalsh at redhat.com
Thu Dec 9 17:02:35 UTC 2004
Stephen Smalley wrote:
>On Wed, 2004-12-08 at 18:09, Nalin Dahyabhai wrote:
>
>>I think some piece of code (pam_selinux maybe?) is assuming that
>>prepending "/dev/" to the value of the PAM_TTY item results in a path
>>which can be relabeled. I think gdm sets it to ":0" on at least some
>>platforms, for example.
>>
>>Is there a particular command or program being run when this happens, or
>>is it happening when you log in?
>
>Hmm...I thought that the SELinux patch for gdm was upstreamed and that
>it no longer needed to use pam_selinux (and I seem to recall pam_selinux
>not working for gdm anyway since the pam_open_session call was made from
>the wrong process to set up the exec context), but I still see a
>pam_selinux entry in /etc/pam.d/gdmsetup. Ok, looking at the gdm SRPM,
>there is definitely SELinux code in daemon/slave.c to get the user's
>default context and set the exec context, so I don't see why you'd need
>pam_selinux for it.
Ok removing from gdm.
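
The following is an added example, not part of the original thread and not pam_selinux's own code. It shows one way a module could check a PAM_TTY value before relabeling, so that a display name such as ":0" is skipped instead of being turned into "/dev/:0". The function name `tty_path_for_relabel` is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: map a PAM_TTY value to a path under /dev.
 * Returns 0 and fills `out` only when the result is an existing
 * character device; returns -1 when relabeling should be skipped. */
int tty_path_for_relabel(const char *pam_tty, char *out, size_t outlen)
{
    struct stat st;
    const char *name = pam_tty;
    int n;

    if (pam_tty == NULL || *pam_tty == '\0')
        return -1;
    /* Some applications already pass "/dev/ttyN"; strip the prefix once. */
    if (strncmp(name, "/dev/", 5) == 0)
        name += 5;
    /* X display names such as ":0" are not device nodes. */
    if (name[0] == '\0' || name[0] == ':')
        return -1;
    /* Refuse values that could point outside /dev. */
    if (name[0] == '/' || strstr(name, "..") != NULL)
        return -1;
    n = snprintf(out, outlen, "/dev/%s", name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    /* Only an existing character device is a candidate for relabeling. */
    if (stat(out, &st) != 0 || !S_ISCHR(st.st_mode))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values: an X display, a traversal attempt, real devices. */
    const char *samples[] = { ":0", "../etc/passwd", "null", "/dev/null" };
    char path[64];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (tty_path_for_relabel(samples[i], path, sizeof path) == 0)
            printf("%-16s -> relabel %s\n", samples[i], path);
        else
            printf("%-16s -> skip, not a tty device\n", samples[i]);
    }
    return 0;
}
```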