Pam upgrade problem
Christopher J. PeBenito
cpebenito at tresys.com
Thu May 8 14:13:28 UTC 2008
On Wed, 2008-05-07 at 14:29 -0700, Scally, Katrina-P54861 wrote:
> My original problem was With the default pam options, pam_selinux is
> unable to get the user context, during login it would default to
> system_u:system_r:local_login_t context. I got around this problem for
> some time by changing /etc/pam.d/login line to
> Session required pam_selinux.so open verbose select_context.
> I found on http://www.nsa.gov/selinux/list-archive/0706/21321.cfm that
> this was a bug in pam and by upgrading from pam-0.1.77-66.23.i386.rpm
> (or earlier versions) to pam-0.1.99.6.2-3.26.el5.i386.rpm would get
> rid of the problem. This upgrade has actually caused more problems. I
> can no longer even log into my virtual machine with my install in
> enforcing, in permissive mode it is fine. Unfortunately there are no
> AVC denials when.
> My Virtual Machine is running RHEL5,
> libselinux-126.96.36.199-4.el5.i386.rpm, and reference policy that came
> with the Bedrock tool from Tresys refpolicy-20070417.tar.bz2
> Possibly I missed something while upgrading pam? I have looked through
> all of the files the pam-0.1.99.6.2-3.26.el5.i386.rpm has installed
> and they all seem correct.
Can you provide more information? Are you logging in at the console,
ssh, or gdm? I can't find much difference between the RHEL5 policy and
refpolicy for local logins. Have you tried the stock RHEL5 policy to
see if it stil fails?
Tresys Technology, LLC
(410) 290-1411 x150
More information about the fedora-selinux-list