466884 – Add rule for slim login manager

Bug 466884 - Add rule for slim login manager

Summary: Add rule for slim login manager

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-10-14 10:55 UTC by Marco Pesenti Gritti
Modified:	2008-10-15 14:02 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-10-15 14:02:49 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Marco Pesenti Gritti 2008-10-14 10:55:00 UTC

http://slim.berlios.de/ is packaged for Fedora and we are using it for the Sugar spin but it doesn't interact properly with selinux. In particular selinux doesn't allow ssh-keygen to write new keys.

I'm no selinux expert but if I enable pam_selinux.so and add the following rule to selinux-policy things work as expected:

/usr/sbin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)

Is this the correct way to fix the issue? I will submit a patch for slim if this rule is added to selinux-policy.

Comment 1 Marco Pesenti Gritti 2008-10-14 19:31:01 UTC

Sorry the rule above has a typo. It's really:

/usr/bin/slim          --      gen_context(system_u:object_r:xdm_exec_t,s0)

Comment 2 Daniel Walsh 2008-10-15 14:02:49 UTC

Yes that is correct.

Fixed in selinux-policy-3.5.12-2.fc10.noarch

Note You need to log in before you can comment on or make changes to this bug.