how to run the pam_selinux_check to test SELINUX
Ian jonhson
jonhson.ian at gmail.com
Thu Aug 30 02:41:01 UTC 2007
Hi all,
I enabled the SELINUX on my FedoraCore4, and test pam_selinux_check.c
(distributed with Linux-PAM-0.99). However, it seems that it doesn't
work, and I have no idea how to do next.
The configuration steps about SELINUX:
1. After I installed my FC4, I set the SELINUX=enforcing in
/etc/sysconfig/selinux;
2. reboot my system. It seems that SELINUX have take in effect, the
FC4 checked and labeled the filesystem...
Then, I configured the PAM in /etc/pam.d/. My steps are as following:
1. create a new PAM configuration file in /etc/pam.d/, named
pam_selinux_check, and edited it as follows:
session sufficient pam_selinux.so
2. compile the pam_selinux_check.c
OK. Now I tested the pam_selinux_check and want to see some work
details about SELINUX.
# ./pam_selinux_check
# /* <-- nothing happen */
Again, test it with a parameter
# ./pam_selinux_check tom
# /* <-- nothing happed too */
did it righ?
I don't know what I have missed in my configuring the selinux and pam.
Maybe, one of the missing is that I just set enforcing in
/etc/sysconfig/selinux, not together with setting SELINUXTYPE=strict.
However, when I set SELINUXTYPE=strict, I got a error message at
booting and system dump. The error message said, I have set nothing
about strict policy.
But I don't know how to install strict policy.
I just test the functionalities about selinux MAC enforcement, so
where can I download a simple strict policy, and how to install in my
FC4+SELINUX?
As for PAM, it seems the configuration file is right, since I found
the pam_selinux.so only built the PAM session hooks.
I don't know what wrong with it, could anybody give me some advices?
Thanks in advance,
Ian
More information about the Pam-list
mailing list