[redhat-lspp] /tmp polyinstantiation and the man command

Daniel J Walsh dwalsh at redhat.com
Wed Nov 29 19:06:58 UTC 2006 

Daniel J Walsh wrote:
> Stephen Smalley wrote:
>> On Tue, 2006-11-28 at 11:01 -0500, Linda Knippers wrote:
>>  
>>> Stephen Smalley wrote:
>>>    
>>>> On Tue, 2006-11-28 at 10:41 -0500, Linda Knippers wrote:
>>>>
>>>>      
>>>>> Stephen Smalley wrote:
>>>>>
>>>>>
>>>>>        
>>>>>> Version of policycoreutils-newrole and selinux-policy-mls?
>>>>>> Contents of /etc/pam.d/newrole?
>>>>>>           
>>>>> Sorry, I'd mentioned in the call that I was running the latest from
>>>>> Dan's people page but omitted it from the mail.  I have these
>>>>> rpms.
>>>>>
>>>>> policycoreutils-1.33.2-2.el5
>>>>> policycoreutils-newrole-1.33.2-2.el5
>>>>> selinux-policy-mls-2.4.5-3.el5
>>>>> selinux-policy-2.4.5-3.el5
>>>>>
>>>>> /etc/pam.d/newrole has this:
>>>>> #%PAM-1.0
>>>>> auth       include      system-auth
>>>>> account    include      system-auth
>>>>> password   include      system-auth
>>>>> session    include      system-auth
>>>>> session    optional     pam_xauth.so
>>>>>         
>>>> I would have expected the latter to include:
>>>> session    required     pam_namespace.so unmnt_remnt 
>>>> no_unmount_on_close
>>>>       
>>> I added that line but I don't see any difference in behavior.  I added
>>> it at the end.  Does the location matter?  (Sorry for the dumb pam 
>>> question).
>>>     
>>
>> Possibly, e.g. if there is a sufficient or requisite module in the
>> system-auth stack.  Easiest thing to do is to move it up to the first
>> one and try again.  But now I am wondering whether that policycoreutils
>> was built with LSPP_PRIV=y, which is required to enable the audit and
>> namespace functionality.  The fedora devel .spec file still has
>> LOG_AUDIT_PRIV=y, which was the old flag for building with audit support
>> and no longer is used.
>>
>> ls -l /usr/bin/newrole
>> 1.33.5-4
>>   
> It does not.  Fixed in 1.33.5-4
>
>
> -- 
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
policycoreutils-1.33.5-4 is available on 
http://people.redhat.com/dwalsh/SELinux/RHEL5

More information about the redhat-lspp mailing list