Bug#501647: [DSE-User] wrong context with graphical login
On Sun, Jan 18, 2009 at 10:04:12PM +, Martin Orr wrote: On 14/01/09 19:47, Pierre Chifflier wrote: On Mon, Jan 12, 2009 at 05:51:58PM +, Martin Orr wrote: If not, then do you have the xserver module loaded? (Check semodule -l) xserver is indeed not loaded. selinux-policy-default is correcty installed, and file is present at /usr/share/selinux/default/xserver.pp I'll try to load it manually and see if it resolves the problem. If this is the source of the problem, why isn't this module loaded ? I've no idea - it should be loaded whenever you installed selinux-policy-default. (Unless you installed selinux-policy-default before gdm/xserver-xorg.) Hi, I confirm that loading module xserver and rebooting (restarting gdm should be enough, though) solves the problem, so I'm closing this bug. It would be a good idea to ensure that modules are properly loaded when installing X after selinux, since I think it's a very common case .. Thanks for your help ! Cheers, Pierre -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#501647: [DSE-User] wrong context with graphical login
On 14/01/09 19:47, Pierre Chifflier wrote: On Mon, Jan 12, 2009 at 05:51:58PM +, Martin Orr wrote: If not, then do you have the xserver module loaded? (Check semodule -l) xserver is indeed not loaded. selinux-policy-default is correcty installed, and file is present at /usr/share/selinux/default/xserver.pp I'll try to load it manually and see if it resolves the problem. If this is the source of the problem, why isn't this module loaded ? I've no idea - it should be loaded whenever you installed selinux-policy-default. (Unless you installed selinux-policy-default before gdm/xserver-xorg.) Best wishes, -- Martin Orr -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#501647: [DSE-User] wrong context with graphical login
On Mon, Jan 12, 2009 at 05:51:58PM +, Martin Orr wrote: Have you fixed the problem in #501647 (i.e. is gdm labelled correctly)? Nope, everything seems correctly labeled on disk. If not, then do you have the xserver module loaded? (Check semodule -l) xserver is indeed not loaded. selinux-policy-default is correcty installed, and file is present at /usr/share/selinux/default/xserver.pp I'll try to load it manually and see if it resolves the problem. If this is the source of the problem, why isn't this module loaded ? Thanks, Pierre -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#501647: [DSE-User] wrong context with graphical login
Have you fixed the problem in #501647 (i.e. is gdm labelled correctly)? If not, then do you have the xserver module loaded? (Check semodule -l) Best wishes, Martin Orr On 09/01/09 11:14, Pierre Chifflier wrote: Hi, I would like to help getting SELinux support in Debian (I package setroubleshoot, for ex.), but my sid installation got some weird problem: If I login using a tty or a console, no problem. However, if I use a desktop manager (like gdm, but I have also tried kdm and wdm), I got a wrong context: [~] id -Z unconfined_u:system_r:netutils_t:s0-s0:c0.c1023 netutils_t is obviously wrong ... I tried to find the error, but could not go further than pointing a problem in context transitions, as described in bug #501647 [1] Setup looks correct: # semanage login -l Login NameSELinux User MLS/MCS Range __default__ unconfined_u s0-s0:c0.c1023 root unconfined_u s0-s0:c0.c1023 system_u system_u s0-s0:c0.c1023 ~# semanage user -l Labeling MLS/ MLS/ SELinux UserPrefix MCS Level MCS Range SELinux Roles rootsysadm s0 s0-s0:c0.c1023 staff_r sysadm_r system_r staff_u staff s0 s0-s0:c0.c1023 staff_r sysadm_r sysadm_usysadm s0 s0-s0:c0.c1023 sysadm_r system_uuser s0 s0-s0:c0.c1023 system_r unconfined_uunconfined s0 s0-s0:c0.c1023 system_r unconfined_r user_u user s0 s0 user_r Note that seems to happen only in Sid, not Lenny. I tried relabelling, everything looks fine. Could you help me please ? Pierre [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501647 ___ Selinux-user mailing list selinux-u...@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/selinux-user -- Martin Orr -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
