SELinux Mailing List
Re: booting in enforcing mode
From: Rogelio Serrano <rogelio_at_smsglobal.net>
Date: Sun, 11 Apr 2004 21:41:40 +0800
> On Sun, 11 Apr 2004 00:53, Rogelio Serrano
>> I see. I think I have to remove some of those that I added. The
>> hotplug scripts are the noisiest. I will fix /bin/login first.
>> It's the login from util-linux 2.12 and I'm not using PAM. I need
>
> Not using PAM is a problem. I have written policy to prevent /bin/login from
> accessing /etc/shadow directly. When using PAM the helper program
> unix_chkpwd is granted read access to /etc/shadow and /bin/login will spawn
> unix_chkpwd to check the password.
>
> When not using PAM you would have to put the following in login.te:
> allow $1_login_t shadow_t:file { getattr read };
>
> Then in the domain declaration change auth_chkpwd to auth.
>
>> to label the tty properly. I can login but not into
>
> That's another thing, if you use a non-PAM login program then you have to
> patch it to relabel the tty.
>
> I think that an option to consider is using pam-login. Its source code is
> apparently very clean, partly because it's only designed to use PAM and has
> no options for doing other things.
>
>> /User/Admin. login drops me into / then I can just "cd" and I'm
>> in sysadm_home_dir. All home directories are in /Users and
>> admin's home dir is /Users/Admin alongside the other users. The
>> context for /Users is system_u:object_r:file_t. Is that ok?
>> Shouldn't it be root_t? Or should I create a totally new type.
>
> Best thing to do would be sed -e s/^\/home\//\/Users\// on the file_contexts
> file.

I'm not using shadow either. I fixed up the login though. It
behaves like pam login now.
Received on Sun 11 Apr 2004 - 09:42:06 EDT
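
The file_contexts rewrite suggested in the quoted reply, as an added example that is not part of the original thread. It also covers a bare `/home` entry, which the pattern `s/^\/home\//\/Users\//` leaves untouched because it requires a trailing slash. The sample file_contexts entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: retarget the /home entries of an SELinux file_contexts
# file to /Users without touching look-alike paths.

# Constructed sample entries (not copied from a real policy).
sample_file_contexts() {
    cat <<'EOF'
/home			-d	system_u:object_r:home_root_t
/home/[^/]+		-d	system_u:object_r:user_home_dir_t
/home/[^/]+/.+			system_u:object_r:user_home_t
/homework(/.*)?			system_u:object_r:file_t
/var/home-backup(/.*)?		system_u:object_r:var_t
EOF
}

# Rewrite stdin to stdout. "/home" is matched only as a whole leading
# path component: followed by "/", whitespace, or end of line.
retarget_home() {
    sed -E 's#^/home(/|[[:space:]]|$)#/Users\1#'
}

# Count entries on stdin that still label /home or paths below it.
# grep -c exits non-zero on zero matches, so mask the status.
count_home_entries() {
    grep -Ec '^/home(/|[[:space:]]|$)' || true
}

# Show the rewritten sample when run directly.
sample_file_contexts | retarget_home
```

After rewriting the real file, the policy's file contexts have to be rebuilt and the tree under /Users relabeled for the new entries to take effect.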
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |