[redhat-lspp] Login onto virtual terminal with SL of Secret
Valdis.Kletnieks at vt.edu
Mon Jun 26 23:50:00 UTC 2006
On Mon, 26 Jun 2006 18:23:48 CDT, Joe Nall said:
> > Out of curiosity, if it's confined to 'Secret only', is it able to
> > open the mingetty binary? What, if any, avc's get generated when
> > you try this?
>
> None that appear related.
> Jun 26 18:21:16 cipso kernel: audit(1151364076.286:200): avc:
> denied { mounton } for pid=4226 comm="login"
> name="polyinstantiated" dev=dm-0 ino=36864115
> scontext=system_u:system_r:local_login_t:s2
> tcontext=user_u:object_r:user_t:s0 tclass=dir
Let me guess - it lives long enough to prompt for a userid/password, and
then dies? This looks like the namespace.init stuff failing to work - you
probably need to check namespace.conf and make sure the 'polyinstantiated'
directory has a label that local_login_t:s2 can mount onto. Failing that,
add 'debug' to the pam.d line for namespaces:

    session required pam_namespace.so debug

and then go see if anything useful pops up in /var/log/secure.
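An added example, not part of the original message: a small parser that triages the AVC denial quoted above by splitting scontext and tcontext into their fields and flagging that the two MLS levels differ (s2 for login, s0 for the 'polyinstantiated' directory). The function names are hypothetical, and the record is the one from the quoted log, joined onto one line.

```python
import re

# The AVC record quoted in the message above, joined onto one line.
AVC = ('audit(1151364076.286:200): avc: denied { mounton } for pid=4226 '
       'comm="login" name="polyinstantiated" dev=dm-0 ino=36864115 '
       'scontext=system_u:system_r:local_login_t:s2 '
       'tcontext=user_u:object_r:user_t:s0 tclass=dir')

def parse_avc(line):
    """Return the denied permissions and key=value fields of one AVC record."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if m is None:
        raise ValueError('not an AVC denial')
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line[m.end():]))
    return {'perms': m.group(1).split(),
            **{k: v.strip('"') for k, v in fields.items()}}

def split_context(ctx):
    """Split user:role:type[:level]; the level may itself contain ':'."""
    user, role, type_, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': type_,
            'level': level[0] if level else None}

def low_sensitivity(level):
    """Sensitivity number at the low end of a level (s2, s0-s15:c0.c1023)."""
    m = re.match(r's(\d+)', level or '')
    return int(m.group(1)) if m else None

def triage(line):
    """Summarise who was denied what, and whether the two MLS levels differ."""
    rec = parse_avc(line)
    src = split_context(rec['scontext'])
    tgt = split_context(rec['tcontext'])
    mismatch = low_sensitivity(src['level']) != low_sensitivity(tgt['level'])
    return {'comm': rec.get('comm'), 'perms': rec['perms'],
            'object': rec.get('name'), 'tclass': rec.get('tclass'),
            'source': src, 'target': tgt, 'level_mismatch': mismatch}

if __name__ == '__main__':
    r = triage(AVC)
    print(f"{r['comm']} ({r['source']['type']}:{r['source']['level']}) denied "
          f"{r['perms']} on {r['tclass']} {r['object']!r} "
          f"({r['target']['type']}:{r['target']['level']})")
    if r['level_mismatch']:
        print('levels differ: check the label on the polyinstantiated directory')
```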