Fwd: SELinux user login problem

prakash hallalli prakashkhallalli at gmail.com
Sat Feb 28 11:35:28 UTC 2009


Hi All,

Thanks for replying to me. These are the audit messages I am getting from
/var/log/audit/audit.log.

type=AVC msg=audit(1235820249.704:255): avc:  denied  { rlimitinh } for
pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820249.704:255): avc:  denied  { noatsecure } for
pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1235820249.704:255): arch=c000003e syscall=59
success=yes exit=0 a0=402269 a1=7fff186d7030 a2=7fff186d9550 a3=22 items=0
ppid=1 pid=4296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=tty4 comm="login" exe="/bin/login"
subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)
type=USER_AUTH msg=audit(1235820253.552:256): user pid=4296 uid=0
auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023
msg='PAM: authentication acct="user1" : exe="/bin/login" (hostname=?,
addr=?, terminal=tty4 res=success)'
type=USER_ACCT msg=audit(1235820253.555:257): user pid=4296 uid=0
auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023
msg='PAM: accounting acct="user1" : exe="/bin/login" (hostname=?, addr=?,
terminal=tty4 res=success)'
type=LOGIN msg=audit(1235820253.560:258): login pid=4296 uid=0 old
auid=4294967295 new auid=527
type=USER_ROLE_CHANGE msg=audit(1235820253.567:259): user pid=4296 uid=0
auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam:
default-context=prakash:prakash_r:prakash_t:s0
selected-context=prakash:prakash_r:prakash_t:s0: exe="/bin/login"
(hostname=?, addr=?, terminal=tty4 res=success)'
type=USER_START msg=audit(1235820253.568:260): user pid=4296 uid=0 auid=527
subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: session open
acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4
res=success)'
type=CRED_ACQ msg=audit(1235820253.568:261): user pid=4296 uid=0 auid=527
subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: setcred
acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4
res=success)'
type=USER_LOGIN msg=audit(1235820253.570:262): user pid=4296 uid=0 auid=527
subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='uid=527:
exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'
type=AVC msg=audit(1235820275.060:263): avc:  denied  { siginh } for
pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820275.060:263): avc:  denied  { rlimitinh } for
pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820275.060:263): avc:  denied  { noatsecure } for
pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1235820275.060:263): arch=c000003e syscall=59
success=yes exit=0 a0=402269 a1=7fff1bcb84a0 a2=7fff1bcba9c0 a3=22 items=0
ppid=1 pid=4132 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=tty2 comm="login" exe="/bin/login"
subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)

Thanks,

Prakash

On Sat, Feb 28, 2009 at 12:36 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:

> prakash hallalli wrote:
> > Hi All,
> >
> >         I am using CentOS-5 x86_64. I have followed the steps you sent,
> >         but I am still getting the same user login problem. I am not able
> >         to log in the user properly on the system.
> >
> >       These are the steps I have followed.
> >
> >      1. Create a source policy module:-
> >
> >       #cd /home/prakash
> >       #vi prakash.te
> >         policy_module(prakash, 0.0.1)
> >         role prakash_r;
> >         userdom_unpriv_user_template(prakash);
> >
> >        2. Build the source policy module:
> >
> >         #make -f /usr/share/selinux/devel/Makefile
> >
> >        3. Install the binary policy module:
> >
> >        #semodule -i prakash.pp
> >
> >      4. Create default contexts for prakash:
> >
> >        #cd /etc/selinux/targeted/contexts/users
> >        #vi prakash
> >         system_r:system_local_login_t:s0   prakash_r:prakash_t:s0
> >         system_r:remote_login_t:s0         prakash_r:prakash_t:s0
> >         system_r:sshd_t:s0                 prakash_r:prakash_t:s0
> >         system_r:crond_t:s0                prakash_r:prakash_t:s0
> >         system_r:xdm_t:s0                  prakash_r:prakash_t:s0
> >         prakash_r:prakash_su_t:s0          prakash_r:prakash_t:s0
> >         prakash_r:prakash_sudo_t:s0        prakash_r:prakash_t:s0
> >         system_r:initrc_su_t:s0            prakash_r:prakash_t:s0
> >         prakash_r:prakash_t:s0             prakash_r:prakash_t:s0
> >
> > 5. Create a SELinux user mapping for prakash:
> >
> >      #semanage user -a -L s0 -r s0-s0 -R "prakash_r" -P user prakash
> >
> > 6. Add new prakash user for user1:
> >
> >      #useradd -Z prakash user1
> >
> > 7. When I try to log in to the system, I get a permission denied
> > message.
> >
> > gtt login: user1
> > password: XXXXXX
> >
> >  -bash:  /home/user1/.bash_profile: Permission denied
> > -bash-3.1$id
> > uid=524(user1) gid=525(user1) groups=525(user1)
> > context=prakash:prakash_r:prakash_t
> >
> >   I tried with one more user and then also I got the same problem. I am not
> > sure what mistakes I made. Please help me with what I have to do.
> >
> > Thanks,
> > Prakash, k, h.
> >
> > On Wed, Feb 25, 2009 at 9:17 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> >
> > prakash hallalli wrote:
> >>>> Hi All,
> >>>>
> >>>>        I have created the 'myuser' user and created a custom policy
> >>>>        module for the user. I have installed the module successfully,
> >>>>        but when I log myuser in I get a bash prompt.
> >>>>
> >>>>        I have followed the steps below for creating the module.
> >>>>
> >>>>    #vi myuser.te
> >>>>                          policy_module(myuser, 0.0.1)
> >>>>                          role myuser_r;
> >>>>                          userdom_unpriv_user_templete(myuser)
> >>>>
> >>>> #make -f /usr/share/selinux/devel/Makefile
> >>>> #sudo semodule -i myuser.pp
> >>>> #semanage user -a -L s0 -r s0-s0 -L "myuser1_r" -P user myuser1
> >>>> #useradd -Z myuser1 myuser1
> >>>>
> >>>> I did all the steps. When I try to log in to the system, the following
> >>>> error is displayed.
> >>>> gtt login: myuser
> >>>> password: XXXXXX
> >>>>
> >>>> -bash:  /home/myuser/.bash_profile: Permission denied
> >>>> -bash-3.1$
> >>>>
> >>>> Please tell me what I should do.
> >>>>
> >>>> Thanks,
> >>>> Prakash.
> >>>>
> >>>>
> >>>>
> >>>>
> ------------------------------------------------------------------------
> >>>>
> >>>> --
> >>>> fedora-selinux-list mailing list
> >>>> fedora-selinux-list at redhat.com
> >>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > Which OS and Version.
> >
> > Depending on the policy you might need to relabel the homedir to get the
> > labels correct.
> >
> > restorecon -R -v /home
> >
>
> Please attach the AVC messages from /var/log/audit/audit.log.
>
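
An added example (not part of the original message or any list tooling): a small Python parser that groups the AVC denials posted above by audit event and by source and target type. The sample input is constructed from records in the excerpt, re-joined onto single lines with the SYSCALL record abbreviated; the function names are hypothetical. In this excerpt every denial has source type getty_t, and none has source type prakash_t.

```python
import re
from collections import defaultdict

# Constructed sample: records from the excerpt above, one per line; SYSCALL abbreviated.
SAMPLE = """\
type=AVC msg=audit(1235820249.704:255): avc:  denied  { rlimitinh } for pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1235820249.704:255): avc:  denied  { noatsecure } for pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1235820249.704:255): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=4296 tty=tty4 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)
type=USER_ROLE_CHANGE msg=audit(1235820253.567:259): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=prakash:prakash_r:prakash_t:s0 selected-context=prakash:prakash_r:prakash_t:s0: exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'
type=AVC msg=audit(1235820275.060:263): avc:  denied  { siginh } for pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]+) \} for .*?"
                 r"scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
EXE = re.compile(r'exe="([^"]+)"')

def selinux_type(context):  # user:role:type[:level] -> type
    return context.split(":")[2]

def summarize(log_text):
    """Group denied permissions by (event serial, source type, target type, class)."""
    denials = defaultdict(set)
    exe_by_event = {}
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        rtype, serial = head.group(1), int(head.group(2))
        if rtype == "AVC":
            avc = AVC.search(line)
            if avc:
                perms, sctx, tctx, tclass = avc.groups()
                key = (serial, selinux_type(sctx), selinux_type(tctx), tclass)
                denials[key].update(perms.split())
        elif rtype == "SYSCALL":  # same serial as the AVC records it belongs to
            exe = EXE.search(line)
            if exe:
                exe_by_event[serial] = exe.group(1)
    return dict(denials), exe_by_event

def denials_from(denials, source_type):
    """Keep only denials whose source (subject) type matches."""
    return {k: v for k, v in denials.items() if k[1] == source_type}

if __name__ == "__main__":
    for key, perms in sorted(summarize(SAMPLE)[0].items()):
        print(key, sorted(perms))
```
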