
SELinux Mailing List

Re: booting in enforcing mode

From: Rogelio Serrano <rogelio_at_smsglobal.net>
Date: Sun, 11 Apr 2004 21:41:40 +0800


On 2004-04-11 18:23:07 +0800 Russell Coker <russell@coker.com.au> wrote:

> On Sun, 11 Apr 2004 00:53, Rogelio Serrano <rogelio@smsglobal.net> wrote:
>> I see. I think I have to remove some of those that I added. The
>> hotplug scripts are the noisiest. I will fix /bin/login first.
>> It's the login from util-linux 2.12 and I'm not using PAM. i need
>
> Not using PAM is a problem. I have written policy to prevent /bin/login from
> accessing /etc/shadow directly. When using PAM the helper program
> unix_chkpwd is granted read access to /etc/shadow and /bin/login will spawn
> unix_chkpwd to check the password.
>
> When not using PAM you would have to put the following in login.te:
> allow $1_login_t shadow_t:file { getattr read };
>
> Then in the domain declaration change auth_chkpwd to auth.
>
>> to label the tty properly. I can login but not into
>
> That's another thing, if you use a non-PAM login program then you have to
> patch it to relabel the tty.
>
> I think that an option to consider is using pam-login. Its source code is
> apparently very clean, partly because it's only designed to use PAM and has
> no options for doing other things.
>
>> /User/Admin. login drops me into / then I can just "cd" and I'm
>> in sysadm_home_dir. All home directories are in /Users and
>> admin's home dir is /Users/Admin alongside the other users. The
>> context for /Users is system_u:object_r:file_t. Is that ok?
>> Shouldn't it be root_t? Or should I create a totally new type.
>
> Best thing to do would be sed -e s/^\/home\//\/Users\// on the file_contexts
> file.
>

I'm not using shadow either. I fixed up the login though. It behaves like pam login now.
Just to clarify, I'm not using a standard distro. I'm using an LFS knock off.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Sun 11 Apr 2004 - 09:42:06 EDT
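
Added example, not part of the original message or of any policy package: a quoted, boundary-aware form of the file_contexts rewrite suggested in the thread, run on constructed sample entries. The function names and the sample lines are assumptions; it also covers an entry for the /home directory itself, which a pattern of ^/home/ does not match.

```shell
#!/bin/sh
# Move the /home entries of an SELinux file_contexts file to /Users.

# Rewrite only the path column. A line changes when its path is the old prefix
# itself or continues with "/" or "(" (as in "/home(/.*)?"). Comments, blank
# lines and look-alike paths such as /homework pass through untouched.
# Assumes the old prefix contains no regex metacharacters.
rewrite_home_prefix() {
    awk -v old="$1" -v new="$2" '
        /^[ \t]*(#|$)/ { print; next }
        $0 ~ ("^" old "([/( \t]|$)") { sub("^" old, new) }
        { print }
    '
}

# The one-liner from the thread, quoted so the shell leaves the backslashes alone.
thread_one_liner() {
    sed -e 's/^\/home\//\/Users\//'
}

# Constructed sample entries, not taken from any shipped policy.
sample_file_contexts() {
    cat <<'EOF'
# home directories
/home               -d  system_u:object_r:home_root_t
/home/[^/]+         -d  system_u:object_r:user_home_dir_t
/home/[^/]+/.+          system_u:object_r:user_home_t
/homework(/.*)?         system_u:object_r:file_t
/etc/shadow         --  system_u:object_r:shadow_t
EOF
}

# Preview the rewritten file. Once it replaces the real file_contexts, the
# /Users tree still has to be relabelled against it before file_t goes away.
sample_file_contexts | rewrite_home_prefix /home /Users
```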
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service