Adding a custom PAM module and selinux
Jurgen Kramer
gtm.kramer at inter.nl.net
Sat May 27 16:54:09 UTC 2006
I am trying to add a custom PAM module (pam_poldi.so) to my FC5 system
to be able to login using a OpenPGP smartcard. I already changed the
security context of /lib/security/pam_poldi.so to match the other pam
modules (system_u:object_r:lib_t) but it seems that is not enough. In
syslog I still see:
su: PAM unable to dlopen(/lib/security/pam_poldi.so)
su: PAM [error: /lib/security/pam_poldi.so: cannot restore segment prot
after reloc: Permission denied]
This can propably be fixed with a chcon -t
texrel_shlib_t /lib/security/pam_poldi.so
This will probably not survice an selinux update or relabel session.
What is the proper way to add the module so it will survice relabels and
selinux updates?
Thanks,
Jurgen
More information about the fedora-list
mailing list