Bug 466884

Summary: Add rule for slim login manager
Product: [Fedora] Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Reporter: Marco Pesenti Gritti <mpg>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dwalsh, jkubin, mgrepl, sebastian
Doc Type: Bug Fix
Last Closed: 2008-10-15 14:02:49 UTC

Description Marco Pesenti Gritti 2008-10-14 10:55:00 UTC
http://slim.berlios.de/ is packaged for Fedora and we are using it for the Sugar spin, but it doesn't interact properly with SELinux. In particular, SELinux doesn't allow ssh-keygen to write new keys.

I'm no SELinux expert, but if I enable pam_selinux.so and add the following rule to selinux-policy, things work as expected:

/usr/sbin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)

Is this the correct way to fix the issue? I will submit a patch for slim if this rule is added to selinux-policy.

Comment 1 Marco Pesenti Gritti 2008-10-14 19:31:01 UTC
Sorry the rule above has a typo. It's really:

/usr/bin/slim          --      gen_context(system_u:object_r:xdm_exec_t,s0)

Comment 2 Daniel Walsh 2008-10-15 14:02:49 UTC
Yes that is correct.

Fixed in selinux-policy-3.5.12-2.fc10.noarch
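
The effect of the path typo corrected in Comment 1 can be checked offline with the Python sketch below, which is an added example and not part of the bug report or of selinux-policy: it parses file-context lines of the form quoted above and resolves the label /usr/bin/slim would receive under each rule. The fallback bin_t entry is constructed sample data, and the "last matching entry wins" lookup is a simplifying assumption rather than the exact ordering libselinux applies.

```python
import re

# Constructed sample data: a generic fallback entry plus the two rules quoted
# in the report (the first with the typo'd path, the second as corrected).
FALLBACK = "/usr/bin(/.*)?    gen_context(system_u:object_r:bin_t,s0)"
TYPO_RULE = "/usr/sbin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)"
FIXED_RULE = "/usr/bin/slim    --    gen_context(system_u:object_r:xdm_exec_t,s0)"

# <path regex> [<file type flag>] gen_context(<user:role:type>,<mls range>)
FC_LINE = re.compile(
    r"^(?P<path>\S+)\s+(?:(?P<ftype>-[-dbclsp])\s+)?"
    r"gen_context\((?P<ctx>[^,()\s]+),(?P<mls>[^()\s]+)\)\s*$"
)


def parse_fc(text):
    """Parse file-context lines into (path_regex, file_type, label) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = FC_LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable .fc line: {raw!r}")
        label = f"{m['ctx']}:{m['mls']}"  # what gen_context yields with MLS on
        entries.append((re.compile(m["path"]), m["ftype"], label))
    return entries


def label_for(entries, path, ftype="--"):
    """Label for `path`, or None if nothing matches.

    Assumption: the last matching entry wins. The path regex must match the
    whole path, and an entry with no file type flag applies to every type.
    """
    for regex, want, label in reversed(entries):
        if want in (None, ftype) and regex.fullmatch(path):
            return label
    return None


if __name__ == "__main__":
    for name, rule in (("typo", TYPO_RULE), ("fixed", FIXED_RULE)):
        entries = parse_fc(FALLBACK + "\n" + rule)
        print(name, "->", label_for(entries, "/usr/bin/slim"))
```

With the typo'd path the binary keeps the fallback label, so the rule never takes effect for the installed file.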