[ubuntu-hardened] SELinux on Karmic?
John Dong
jdong at ubuntu.com
Tue Sep 15 19:51:22 BST 2009
Caleb, I owe you lunch one of these days!
On Sep 15, 2009, at 2:32 PM, Caleb Case wrote:
> On Mon, Sep 14, 2009 at 2:56 PM, John Dong <jdong at ubuntu.com> wrote:
>> Thanks for your insight, Caleb!
>>
>> I've gotten to the point where I can reproduce ending up as xdm_t;
>> I'm
>> glad to know that it's not just me going crazy :)
>
> Heh :o)
>
> Alright it appears that others have run into this before:
>
> http://marc.info/?l=selinux&m=125250111327104&w=2
>
> If I change the /etc/pam.d/gdm to:
>
> #%PAM-1.0
> auth [success=ok ignore=ignore module_unknown=ignore default=bad]
> pam_sepermit.so close
> auth requisite pam_nologin.so
> auth required pam_env.so readenv=1
> auth required pam_env.so readenv=1 envfile=/etc/default/
> locale
> @include common-auth
> auth optional pam_gnome_keyring.so
> @include common-account
> session [success=ok ignore=ignore module_unknown=ignore default=bad]
> pam_selinux.so close
> session required pam_limits.so
> @include common-session
> session [success=ok ignore=ignore module_unknown=ignore default=bad]
> pam_selinux.so open
> session optional pam_gnome_keyring.so auto_start
> @include common-password
>
> My login is unconfined_t (as it should be). The same kinds of changes
> would need to also happen to /etc/pam.d/gdm-autologin.
>
> I've opened this bug for it: https://bugs.launchpad.net/bugs/430205
More information about the ubuntu-hardened
mailing list