254164 – gdm should use pam_selinux instead of doing its own selinux code

Bug 254164 - gdm should use pam_selinux instead of doing its own selinux code

Summary: gdm should use pam_selinux instead of doing its own selinux code

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gdm
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Ray Strode [halfline]
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F8Blocker
TreeView+	depends on / blocked

Reported:	2007-08-24 15:16 UTC by Ray Strode [halfline]
Modified:	2007-11-30 22:12 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2007-10-01 21:23:26 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ray Strode [halfline] 2007-08-24 15:16:34 UTC

One problem that we're hitting with pam_gnomekeyring is that it runs in the
locked down xdm context since we don't do a domain transition until after pam
session modules are run.  This causes problems because it means
gnome-keyring-daemon runs under the wrong context.

Some session modules (like pam_console) need to run under the xdm domain and not
the user domain though.

If we switch to using pam_selinux then we can partition the session modules to
half run in the xdm context and half in the user context.

Comment 1 Ray Strode [halfline] 2007-08-24 15:34:31 UTC

should be fixed (or really broken) in tomorrow's rawhide

Comment 2 Ray Strode [halfline] 2007-09-07 16:08:46 UTC

it broke things for xguest users.  we need to save, reset and restore the
context around the call to the PreSession script

Comment 3 Ray Strode [halfline] 2007-10-01 21:23:26 UTC

we fixed this a while ago I believe.

Note You need to log in before you can comment on or make changes to this bug.