[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RE: getpwnam and SELinux

From: Brian Ginn <BGinn symark com>
To: "'Stephen Smalley'" <sds tycho nsa gov>
Cc: "'fedora-selinux-list redhat com'" <fedora-selinux-list redhat com>
Subject: RE: getpwnam and SELinux
Date: Wed, 8 Jul 2009 10:48:17 -0700

Thanks again!

I got that last problem solved.  My confined program now works on RHEL5.3.

Fedora 9, on the other hand, always returns x, even when not enforcing and not confined.  That doesn't seem to be an SELinux issue.

-Brian

-----Original Message-----
From: Stephen Smalley [mailto:sds tycho nsa gov] 
Sent: Tuesday, July 07, 2009 12:24 PM
To: Brian Ginn
Cc: 'fedora-selinux-list redhat com'; Joshua Brindle
Subject: RE: getpwnam and SELinux

On Tue, 2009-07-07 at 12:04 -0700, Brian Ginn wrote:
> Thanks for the suggestion.  My program still doesn't work yet, but I notice that /var/log/messages has:
> 
> Jul  6 12:43:55 localhost kernel: security:  context unconfined_u:unconfined_r:t_getpw_t:s0-s0:c0.c1023 is invalid
> 
> What would make this invlaid?

user-role, role-type, or user-range association is not authorized by the
policy.

-- 
Stephen Smalley
National Security Agency

References:
- getpwnam and SELinux
  - From: Brian Ginn
- Re: getpwnam and SELinux
  - From: Stephen Smalley
- RE: getpwnam and SELinux
  - From: Brian Ginn
- RE: getpwnam and SELinux
  - From: Stephen Smalley
- RE: getpwnam and SELinux
  - From: Brian Ginn
- RE: getpwnam and SELinux
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]