Have you fixed the problem in #501647 (i.e. is gdm labelled correctly)? If not, then do you have the xserver module loaded? (Check semodule -l)
Best wishes, Martin Orr On 09/01/09 11:14, Pierre Chifflier wrote: > Hi, > > I would like to help getting SELinux support in Debian (I package > setroubleshoot, for ex.), but my sid installation got some weird > problem: > If I login using a tty or a console, no problem. > However, if I use a desktop manager (like gdm, but I have also tried kdm > and wdm), I got a wrong context: > [~] id -Z > unconfined_u:system_r:netutils_t:s0-s0:c0.c1023 > > netutils_t is obviously wrong ... > > I tried to find the error, but could not go further than pointing a > problem in context transitions, as described in bug #501647 [1] > > Setup looks correct: > > # semanage login -l > > Login Name SELinux User MLS/MCS Range > > __default__ unconfined_u s0-s0:c0.c1023 > root unconfined_u s0-s0:c0.c1023 > system_u system_u s0-s0:c0.c1023 > > ~# semanage user -l > > Labeling MLS/ MLS/ > SELinux User Prefix MCS Level MCS Range SELinux > Roles > > root sysadm s0 s0-s0:c0.c1023 staff_r > sysadm_r system_r > staff_u staff s0 s0-s0:c0.c1023 staff_r > sysadm_r > sysadm_u sysadm s0 s0-s0:c0.c1023 sysadm_r > system_u user s0 s0-s0:c0.c1023 system_r > unconfined_u unconfined s0 s0-s0:c0.c1023 system_r > unconfined_r > user_u user s0 s0 user_r > > > Note that seems to happen only in Sid, not Lenny. I tried relabelling, > everything looks fine. > > Could you help me please ? > > Pierre > > [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501647 > > _______________________________________________ > Selinux-user mailing list > selinux-u...@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/selinux-user -- Martin Orr -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
