semodule
Stephen Smalley
sds at tycho.nsa.gov
Fri Jun 5 17:22:29 UTC 2009
On Fri, 2009-06-05 at 10:10 -0700, Vadym Chepkov wrote:
>
> --- On Fri, 6/5/09, Stephen Smalley <sds at tycho.nsa.gov> wrote:
>
> >
> > You should have gotten some pam_selinux log messages in
> > /var/log/secure
> > if you added the debug option and logged into the system
> > again.
> >
>
> You should be able to see debug option I added in the sshd file I sent you.
> No debug entries in /var/log/secure. Could it be that session call never gets out of pam_winbind, which is called in system-auth?
I don't know. Adding debug to that pam entry on a F10 system here and
logged in, I get the following in /var/log/secure (omitting the
timestamp and hostname prefix):
sshd[3745]: pam_selinux(sshd:session): Open Session
sshd[3745]: pam_selinux(sshd:session): Username= sds SELinux User = unconfined_u Level= s0
sshd[3745]: pam_selinux(sshd:session): Selected Security Context unconfined_u:unconfined_r:unconfined_t:s0
sshd[3745]: pam_selinux(sshd:session): Checking if unconfined_u:unconfined_r:unconfined_t:s0 mls range valid for unconfined_u:unconfined_r:unconfined_t:s0
sshd[3745]: pam_selinux(sshd:session): set sds security context to unconfined_u:unconfined_r:unconfined_t:s0
sshd[3745]: pam_selinux(sshd:session): set sds key creation context to unconfined_u:unconfined_r:unconfined_t:s0
sshd[3745]: pam_selinux(sshd:session): Close Session
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list