[redhat-lspp] /tmp polyinstantiation and the man command

Daniel J Walsh dwalsh at redhat.com
Wed Nov 29 18:59:40 UTC 2006


Stephen Smalley wrote:
> On Tue, 2006-11-28 at 11:01 -0500, Linda Knippers wrote:
>   
>> Stephen Smalley wrote:
>>     
>>> On Tue, 2006-11-28 at 10:41 -0500, Linda Knippers wrote:
>>>
>>>       
>>>> Stephen Smalley wrote:
>>>>
>>>>
>>>>         
>>>>> Version of policycoreutils-newrole and selinux-policy-mls?
>>>>> Contents of /etc/pam.d/newrole?
>>>>>           
>>>> Sorry, I'd mentioned in the call that I was running the latest from
>>>> Dan's people page but omitted it from the mail.  I have these
>>>> rpms.
>>>>
>>>> policycoreutils-1.33.2-2.el5
>>>> policycoreutils-newrole-1.33.2-2.el5
>>>> selinux-policy-mls-2.4.5-3.el5
>>>> selinux-policy-2.4.5-3.el5
>>>>
>>>> /etc/pam.d/newrole has this:
>>>> #%PAM-1.0
>>>> auth       include      system-auth
>>>> account    include      system-auth
>>>> password   include      system-auth
>>>> session    include      system-auth
>>>> session    optional     pam_xauth.so
>>>>         
>>> I would have expected the latter to include:
>>> session    required     pam_namespace.so unmnt_remnt no_unmount_on_close
>>>       
>> I added that line but I don't see any difference in behavior.  I added
>> it at the end.  Does the location matter?  (Sorry for the dumb pam question).
>>     
>
> Possibly, e.g. if there is a sufficient or requisite module in the
> system-auth stack.  Easiest thing to do is to move it up to the first
> one and try again.  But now I am wondering whether that policycoreutils
> was built with LSPP_PRIV=y, which is required to enable the audit and
> namespace functionality.  The fedora devel .spec file still has
> LOG_AUDIT_PRIV=y, which was the old flag for building with audit support
> and no longer is used.
>
> ls -l /usr/bin/newrole
> 1.33.5-4
>   
It does not.  Fixed in 1.33.5-4
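
The ordering question raised in the thread (whether something in the included system-auth stack keeps a later pam_namespace.so line from running) can be checked mechanically. The following is an added example, not part of the original message or of policycoreutils; the function names are hypothetical, the sample files are constructed from the lines quoted above, and "first" is assumed to mean the first session rule.

```python
import os
import re

# Controls that, per the reply above, can end the stack before a later rule
# runs. "include" is flagged because the included file is not inspected here.
EARLY_EXIT = {"sufficient", "requisite", "include"}
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam(text):
    """Yield (type, control, module) for each rule line of a PAM file."""
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            yield m.group(1), m.group(2), os.path.basename(m.group(3))

def check_namespace(text, module="pam_namespace.so"):
    """Return (found, earlier): whether a session rule loads `module`, and
    the session rules placed before it that deserve a look."""
    earlier = []
    for ptype, control, mod in parse_pam(text):
        if ptype != "session":
            continue
        if mod == module:
            return True, earlier
        if control in EARLY_EXIT:
            earlier.append((control, mod))
    return False, []

# Constructed samples built from the lines quoted in the thread.
HEAD = """#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
"""
NS = "session    required     pam_namespace.so unmnt_remnt no_unmount_on_close\n"
TAIL = "session    include      system-auth\nsession    optional     pam_xauth.so\n"

ORIGINAL = HEAD + TAIL            # file as first posted
APPENDED = HEAD + TAIL + NS       # line added at the end
MOVED_UP = HEAD + NS + TAIL       # line moved up (assumed: first session rule)

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("appended", APPENDED),
                      ("moved up", MOVED_UP)]:
        print(name, check_namespace(cfg))
```

A non-empty second element means the included file (here system-auth) still has to be read to see whether it contains a sufficient or requisite session module.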




