You get the same effect even on targeted where your session should be
running as unconfined_u:unconfined_r:unconfined_t.

It's working with gnome.  All processes from gnome-session and below run
as unconfined.

Looks like a bug.  Can you please file it?

On 07/30/2011 09:05 PM, Mike Edenfield wrote:
> I just installed the latest SELinux stuff from the hardened-development overlay
> onto my laptop, currently using the targeted profile (though I've also switched
> to strict and relabelled everything, same effect).
> 
> When logging in via a display manager, either kdm or gdm, the login session is
> not switching to the proper security context. Everything is running as
> system_u:system_r:xdm_t, including my own login context. I rebuilt gdm after
> switching profiles, so it has USE=selinux; I didn't see a similar USE flag for
> kdm.
> 
> This is the first time I've tried Gentoo+SELinux on a non-server in a long time
> so I'm possibly missing something important. Is there something obvious I
> should check for?
> 
> kutulu@platypus ~ $ ls -Z `which kdm`
> system_u:object_r:xdm_exec_t /usr/bin/kdm
> kutulu@platypus ~ $ ls -Z `which gdm-binary`
> system_u:object_r:xdm_exec_t /usr/sbin/gdm-binary
> kutulu@platypus ~ $ ps xZ 
> LABEL                             PID TTY      STAT   TIME COMMAND
> system_u:system_r:xdm_t         14234 ?        Ss     0:00 /bin/sh /usr/bin/startkde
> system_u:system_r:xdm_t         14298 ?        S      0:00 dbus-launch --sh-syntax --exit-with-session
> system_u:system_r:xdm_t         14299 ?        Ssl    0:03 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
> system_u:system_r:xdm_t         14306 ?        Ss     0:00 kdeinit4: kdeinit4 Running...
> system_u:system_r:xdm_t         14307 ?        S      0:00 kdeinit4: klauncher [kdeinit] --fd=8
> system_u:system_r:xdm_t         14309 ?        Sl     0:01 kdeinit4: kded4 [kdeinit]
> system_u:system_r:xdm_t         14320 ?        S      0:00 kdeinit4: kglobalaccel [kdeinit]
> system_u:system_r:xdm_t         14327 ?        S      0:00 kwrapper4 ksmserver
> system_u:system_r:xdm_t         14343 ?        Sl     0:00 kdeinit4: ksmserver [kdeinit]
> [...]
> kutulu@platypus ~ $ id -Z
> system_u:system_r:xdm_t
> kutulu@platypus ~ $ ps axZ | grep kdm
> system_u:system_r:xdm_t          2920 ?        Ss     0:00 /usr/bin/kdm
> kutulu@platypus ~ $ ps axZ | grep X  
> system_u:system_r:xserver_t      2939 tty7     Ss+    1:16 /usr/bin/X -br -novtswitch -quiet :0 vt7 -nolisten tcp -auth /var/run/xauth/A:0-8zHr3b
> 


-- 
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
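
A check for the symptom reported in this thread, as an added example that is not part of the original messages: it reads `ps -eo label,pid,user,comm` rows and lists processes still in the display manager's domain that are not the display manager itself. The function names, the list of display-manager command names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find session processes that never
# transitioned out of the display manager's SELinux domain.
# Input rows: `ps -eo label,pid,user,comm` (one process per line).

DM_DOMAIN="xdm_t"   # domain the quoted ps output shows for kdm/gdm

# Print "pid user comm" for each process whose SELinux type is DM_DOMAIN
# and whose command is not a display-manager binary (assumed name list).
stuck_in_dm_domain() {
    awk -v dom="$DM_DOMAIN" '
        NR == 1 && $1 == "LABEL" { next }        # skip the header row
        {
            n = split($1, ctx, ":")              # user:role:type[:level]
            if (n < 3 || ctx[3] != dom) next     # some other domain: fine
            if ($4 ~ /^(kdm|gdm|gdm-binary|xdm)$/) next   # DM belongs here
            print $2, $3, $4
        }'
}

# Constructed sample rows modelled on the ps output quoted above; the last
# row is a constructed example of a correctly transitioned process.
sample_rows() {
    cat <<'EOF'
LABEL                             PID USER     COMMAND
system_u:system_r:xdm_t          2920 root     kdm
system_u:system_r:xserver_t      2939 root     X
system_u:system_r:xdm_t         14234 kutulu   startkde
system_u:system_r:xdm_t         14299 kutulu   dbus-daemon
unconfined_u:unconfined_r:unconfined_t 15001 kutulu bash
EOF
}

# Number of sample processes left in the display manager's domain.
count_stuck() {
    sample_rows | stuck_in_dm_domain | wc -l | tr -d ' '
}
```

On a live system, pipe `ps -eo label,pid,user,comm` into `stuck_in_dm_domain`; any output means the login session did not leave the display manager's context.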
