Bug 468645
| Field | Value |
|---|---|
| Summary | SELinux is preventing login (local_login_t) "create" system_chkpwd_t. (and KDM ...) |
| Product | [Fedora] Fedora |
| Component | selinux-policy |
| Version | rawhide |
| Status | CLOSED RAWHIDE |
| Severity | medium |
| Priority | medium |
| Hardware | All |
| OS | Linux |
| Reporter | Jerry Amundson <jamundso> |
| Assignee | Daniel Walsh <dwalsh> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | bgamari, dwalsh, je, jkubin, mgrepl |
| Doc Type | Bug Fix |
| Last Closed | 2008-10-28 23:55:20 UTC |

Description
Jerry Amundson
2008-10-27 02:34:56 UTC
```
semodule login -l
semodule user -l
```

I had the same problem on my laptop:

```
# semanage login -l

Login Name                SELinux User              MLS/MCS Range

__default__               system_u                  s0
root                      root                      -s0:c0.c255
system_u                  system_u                  SystemLow-SystemHigh
```

You can notice there's not my regular username here, only root. So I ran:

```
# semanage login -a -s user_u jeo
```

"jeo" is my regular username. Now everything looks fine:

```
# semanage login -l

Login Name                SELinux User              MLS/MCS Range

__default__               system_u                  s0
jeo                       user_u                    s0
root                      root                      -s0:c0.c255
system_u                  system_u                  SystemLow-SystemHigh
```

After rebooting, no more setroubleshoot message popping up on my desktop. Great!

I think it would be better if you ran

```
semanage -S targeted -i - << __eof
user -a -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u
user -a -P user -R guest_r guest_u
user -a -P user -R xguest_r xguest_u
__eof
semanage -S targeted -i - << __eof
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
login -m -s unconfined_u -r s0-s0:c0.c1023 root
__eof
```

This is supposed to run in the post install of the selinux-policy-targeted package, but if you initially installed with selinux disabled, the commands will blow up leaving you in this state. I am looking into fixing the package to install properly on a disabled selinux system.

Fixed in selinux-policy-3.5.13-9.fc10

This will set up the users correctly even if SELinux is disabled.
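
The check below is an added example, not part of the bug report or of the selinux-policy package: it reads `semanage login -l` output and reports when `__default__` or `root` differs from the mapping set by the `login -m` commands quoted above. The function names and both sample listings are constructed for illustration, and it assumes MLS ranges are printed untranslated.

```shell
#!/bin/sh
# Expected mapping comes from the `login -m` lines in the thread:
#   unconfined_u with range s0-s0:c0.c1023 for __default__ and root.

# Reads `semanage login -l` output on stdin, prints one line per problem,
# returns 0 when both entries match and 1 otherwise.
check_login_map() {
    awk '
        BEGIN {
            want_user  = "unconfined_u"
            want_range = "s0-s0:c0.c1023"
            need["__default__"] = 1
            need["root"] = 1
        }
        # Skip the header row and blank lines.
        NF < 3 || $1 == "Login" { next }
        ($1 in need) {
            seen[$1] = 1
            if ($2 != want_user || $3 != want_range) {
                printf "MISMATCH %s: %s %s (expected %s %s)\n", $1, $2, $3, want_user, want_range
                bad = 1
            }
        }
        END {
            for (name in need)
                if (!(name in seen)) { printf "MISSING %s\n", name; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: the broken state as listed in the report.
sample_broken() {
    printf '%s\n' 'Login Name SELinux User MLS/MCS Range' '' \
        '__default__ system_u s0' 'jeo user_u s0' \
        'root root -s0:c0.c255' 'system_u system_u SystemLow-SystemHigh'
}

# Constructed sample: the state the login -m commands are meant to produce.
sample_fixed() {
    printf '%s\n' 'Login Name SELinux User MLS/MCS Range' '' \
        '__default__ unconfined_u s0-s0:c0.c1023' \
        'root unconfined_u s0-s0:c0.c1023' 'system_u system_u s0-s0:c0.c1023'
}

# Demo on the constructed broken listing; on a live host run
# `semanage login -l | check_login_map` as root instead.
sample_broken | check_login_map || true
```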