A new prompt at login time

Allen, Jack Jack.Allen at McKesson.com
Wed Oct 19 20:30:18 UTC 2005


-----Original Message-----
From: Allen, Jack [mailto:Jack.Allen at McKesson.com] 
Sent: Wednesday, October 19, 2005 3:21 PM
To: 'Redhat-list at redhat.com'
Subject: A new prompt at login time


        I ran up2date yesterday and have my system completely up to
date. I rebooted this morning and now when I login via telnet, yes that
is just plain old telnet, not ssh, I get the following:

======== 
Red Hat Enterprise Linux AS release 4 (Nahant Update 2) 
Kernel 2.6.9-22.ELsmp on an i686 
login: jca 
Password: 
Your default context is user_u:system_r:unconfined_t. 

Do you want to choose a different one? [n] 
======== 

I just entered a CR and thought this would be a one time thing. But it
is not. While the prompt was being displayed I did a who and it does not
show me logged in yet. I did a ps -ef | grep log and see a login process
with the host name and -p option. So it appears the prompt is coming
from the login program or its calls to some PAM routine.

        Does anybody know where this is controlled so I can set a
default and not be prompted each time? 

        Also exactly what is this controlling? 

        If I do id, it shows context=user_u:system_r:unconfined_t 

Thanks: 
        Jack Allen 

##########
Some things I have been able to find out and more questions.

I did man -k context and discovered the get_default_context routine. Doing
man get_default_context tells me about get_default_context_list

       get_ordered_context_list queries the SE Linux policy database in the
       kernel and some configuration files to determine an ordered list of
       contexts that may be used for login sessions.  The list must be freed
       with freeconary.  The possible roles and domains will be read from
       /etc/security/default_contexts and .default_contexts in the home
       directory of the user in question.

My question now is what is the format of the files listed above?

       manual_user_enter_context allows the user to manually enter a context
       as a fallback if a list of authorized contexts could not be obtained.
       Caller must free via freecon.

So I assume this is why I am getting prompted.

I found default_contexts in /etc/selinux/targeted/contexts and it contains:

	system_r:unconfined_t   system_r:unconfined_t

Thanks:
	Jack Allen
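
An illustration of the one-line default_contexts file quoted in the message above, added here and not part of the original post or of libselinux. It assumes the layout described in default_contexts(5): the first field is the role:type of the login program, and the remaining fields are the session role:type candidates in preference order. The function names, the first sample line and the "reachable" lists are constructed, and the ordering step is a simplified model of what get_ordered_context_list does.

```python
# Added example: read a default_contexts file and rank session contexts.
# Layout assumed from default_contexts(5); not libselinux's own code.

SAMPLE = """\
# constructed sample; only the last line comes from the post
system_r:local_login_t  user_r:user_t staff_r:staff_t
system_r:unconfined_t   system_r:unconfined_t
"""

def role_type(partial):
    """role:type[:range] (a file entry) -> (role, type)."""
    role, typ = partial.split(":", 2)[:2]
    return role, typ

def full_role_type(context):
    """user:role:type[:range] (a full context) -> (role, type)."""
    _user, role, typ = context.split(":", 3)[:3]
    return role, typ

def parse_default_contexts(text):
    """Map the login program's (role, type) to its ordered candidates."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        caller, *candidates = line.split()
        table[role_type(caller)] = [role_type(c) for c in candidates]
    return table

def order_contexts(caller, reachable, table):
    """Rank the full contexts in `reachable` by the caller's file entry.

    Simplification: contexts the file does not list are dropped, and an
    unknown caller yields an empty list (the case where a program would
    have nothing to offer and might fall back to asking the user).
    """
    ranked = []
    for wanted in table.get(full_role_type(caller), []):
        ranked += [c for c in reachable if full_role_type(c) == wanted]
    return ranked

if __name__ == "__main__":
    table = parse_default_contexts(SAMPLE)
    # Login program context and reachable list are constructed values.
    print(order_contexts("system_u:system_r:unconfined_t",
                         ["user_u:system_r:unconfined_t"], table))
```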



