Pam upgrade problem
Katrina.Scally at gdc4s.com
Wed May 7 21:29:37 UTC 2008
My original problem was With the default pam options, pam_selinux is
unable to get the user context, during login it would default to
system_u:system_r:local_login_t context. I got around this problem for
some time by changing /etc/pam.d/login line to
Session required pam_selinux.so open verbose select_context.
I found on http://www.nsa.gov/selinux/list-archive/0706/21321.cfm that
this was a bug in pam and by upgrading from pam-0.1.77-66.23.i386.rpm
(or earlier versions) to pam-0.1.99.6.2-3.26.el5.i386.rpm would get rid
of the problem. This upgrade has actually caused more problems. I can no
longer even log into my virtual machine with my install in enforcing, in
permissive mode it is fine. Unfortunately there are no AVC denials when.
My Virtual Machine is running RHEL5, libselinux-22.214.171.124-4.el5.i386.rpm,
and reference policy that came with the Bedrock tool from Tresys
Possibly I missed something while upgrading pam? I have looked through
all of the files the pam-0.1.99.6.2-3.26.el5.i386.rpm has installed and
they all seem correct.
Thanks in advance,
> This email message is for the sole use of the intended recipient(s)
> and may contain GDC4S confidential or privileged information. Any
> unauthorized review, use, disclosure or distribution is prohibited. If
> you are not an intended recipient, please contact the sender by reply
> email and destroy all copies of the original message.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the fedora-selinux-list