how to run the pam_selinux_check to test SELINUX

Ian jonhson jonhson.ian at gmail.com
Thu Aug 30 03:09:03 UTC 2007


Hi all,

I enabled SELinux on my Fedora Core 4 and tested pam_selinux_check.c
(distributed with Linux-PAM-0.99). However, it seems that it doesn't
work, and I have no idea what to do next.

The configuration steps for SELinux:

1. After I installed my FC4, I set SELINUX=enforcing in
/etc/sysconfig/selinux;

2. Rebooted my system. It seems that SELinux has taken effect: FC4
checked and labeled the filesystem...

Then I configured PAM in /etc/pam.d/. My steps were as follows:

1. Created a new PAM configuration file in /etc/pam.d/, named
pam_selinux_check, and edited it as follows:

session  sufficient  pam_selinux.so

2. Compiled pam_selinux_check.c

OK. Now I tested pam_selinux_check and wanted to see some working
details of SELinux.

#  ./pam_selinux_check
#                                    /*  <--  nothing happens */

Again, I tested it with a parameter:

# ./pam_selinux_check  tom
#                                   /*  <--  nothing happens either */

Did I do it right?

I don't know what I have missed in configuring SELinux and PAM.
Maybe one of the missing pieces is that I just set enforcing in
/etc/sysconfig/selinux, without also setting SELINUXTYPE=strict.
However, when I set SELINUXTYPE=strict, I got an error message at
boot and a system dump. The error message said I have set nothing
about the strict policy.
But I don't know how to install the strict policy.

I am just testing the functionality of SELinux MAC enforcement, so
where can I download a simple strict policy, and how do I install it
on my FC4+SELinux?

As for PAM, it seems the configuration file is right, since I found
that pam_selinux.so only built the PAM session hooks.

I don't know what is wrong with it. Could anybody give me some advice?


Thanks in advance,

Ian
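
The three pieces of configuration described in the message above can be checked offline before a reboot. The script below is an added example, not part of the original post or of Linux-PAM; the function names, the policy layout <root>/<type>/policy/policy.* and the sample tree are assumptions of the example.

```shell
#!/bin/sh
# Added example: offline checks for the SELinux config, the policy store and
# the PAM service file. All paths are parameters, so it runs on a test tree.

# conf_value FILE KEY: print the value of the last uncommented KEY=value line.
conf_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# policy_installed ROOT TYPE: succeed if ROOT/TYPE/policy holds a policy.* file
# (assumed layout of the policy store, e.g. ROOT=/etc/selinux).
policy_installed() {
    for f in "$1/$2"/policy/policy.*; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# pam_has_selinux_session FILE: succeed if FILE has a session line that
# loads pam_selinux.so.
pam_has_selinux_session() {
    grep -Eq '^[[:space:]]*session[[:space:]]+.*pam_selinux\.so' "$1"
}

# check_setup CONF POLICY_ROOT PAM_FILE: print one finding per line.
check_setup() {
    mode=$(conf_value "$1" SELINUX)
    ptype=$(conf_value "$1" SELINUXTYPE)
    echo "mode=${mode:-unset}"
    echo "type=${ptype:-unset}"
    if [ -n "$ptype" ] && ! policy_installed "$2" "$ptype"; then
        echo "policy-missing=$ptype"
    fi
    pam_has_selinux_session "$3" || echo "pam-session-missing"
}

# Constructed sample tree: only a "targeted" policy exists, config asks for "strict".
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/selinux/targeted/policy" "$d/pam.d"
    : > "$d/selinux/targeted/policy/policy.19"   # constructed placeholder file
    printf 'SELINUX=enforcing\nSELINUXTYPE=strict\n' > "$d/config"
    printf 'session  sufficient  pam_selinux.so\n' > "$d/pam.d/pam_selinux_check"
    check_setup "$d/config" "$d/selinux" "$d/pam.d/pam_selinux_check"
    rm -rf "$d"
}
demo
```

On a real system the call would be check_setup /etc/sysconfig/selinux /etc/selinux /etc/pam.d/pam_selinux_check; a policy-missing line means the selected SELINUXTYPE has no policy files under the policy root.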




More information about the Pam-list mailing list