[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: SELinux default contexts and PAM session?
- From: Daniel J Walsh <dwalsh redhat com>
- To: Brian Ginn <BGinn symark com>
- Cc: "'fedora-selinux-list redhat com'" <fedora-selinux-list redhat com>
- Subject: Re: SELinux default contexts and PAM session?
- Date: Sat, 16 May 2009 07:59:25 -0400
On 05/15/2009 05:47 PM, Brian Ginn wrote:
I have a server app that runs from xinetd.
This server's job is to exec a program.
This app is not yet confined by SELinux policy.
When I use PAM session service, audit.log shows:
type=USER_ROLE_CHANGE msg=audit(1242413723.389:14866): user pid=24149 uid=0 auid=0 subj=system_u:system_r:inetd_t:s0-s0:c0.c1023 msg='pam: default-context=root:system_r:amanda_t:s0-s0:c0.c1023 selected-context=root:system_r:amanda_t:s0-s0:c0.c1023: exe="/usr/sbin/myserverd" (hostname=?, addr=?, terminal=ptmx res=success)'
Somehow, SELinux is deciding that the default context should be ...amanda_t...
How is that decision made?
Can I create a more correct context (that will be recognized as the default context) without confining the server?
Thanks,
Brian
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
I have no idea what this is, but is there a pam_selinux somewhere being
called in your pam stack?
pam_selinux is used for assinging user domains and it is obviously confused.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]