Pam upgrade problem

Christopher J. PeBenito cpebenito at
Thu May 8 14:13:28 UTC 2008

On Wed, 2008-05-07 at 14:29 -0700, Scally, Katrina-P54861 wrote:
> My original problem was With the default pam options, pam_selinux is
> unable to get the user context, during login it would default to
> system_u:system_r:local_login_t context. I got around this problem for
> some time by changing /etc/pam.d/login line to
> Session required open verbose select_context. 
> I found on that
> this was a bug in pam and by upgrading from pam-0.1.77-66.23.i386.rpm
> (or earlier versions) to pam- would get
> rid of the problem. This upgrade has actually caused more problems. I
> can no longer even log into my virtual machine with my install in
> enforcing, in permissive mode it is fine. Unfortunately there are no
> AVC denials when.
> My Virtual Machine is running RHEL5,
> libselinux-, and reference policy that came
> with the Bedrock tool from Tresys refpolicy-20070417.tar.bz2
> Possibly I missed something while upgrading pam? I have looked through
> all of the files the pam- has installed
> and they all seem correct.

Can you provide more information?  Are you logging in at the console,
ssh, or gdm?  I can't find much difference between the RHEL5 policy and
refpolicy for local logins.  Have you tried the stock RHEL5 policy to
see if it stil fails?

Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

More information about the fedora-selinux-list mailing list