When a regular user logs in to a system installed using our kickstart scripts, the user gets this error: -bash: /sbin/consoletype: Permission denied
This is because /etc/profile wants to run /etc/profile.d/lang.sh (in my case) and lang.sh runs /sbin/consoletype. Our kickstart script changes the mode on /sbin/consoletype to 0500 because its one of the files that has "MLS overrides or other *_exec_t special privileges". I looked at the mls policy and it does have msl_file_read_up and mls_file_write_down but I its not clear to me why. Perhaps Dan or Chad can explain? If the policy stays this way then I think we need to update the scripts in profile.d to check for execute permission before running the command, but I also wonder who else might be calling this program and could be broken. -- ljk -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
