Bug 466884 - Add rule for slim login manager
Add rule for slim login manager
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-14 06:55 EDT by Marco Pesenti Gritti
Modified: 2008-10-15 10:02 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-10-15 10:02:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marco Pesenti Gritti 2008-10-14 06:55:00 EDT
http://slim.berlios.de/ is packaged for Fedora and we are using it for the Sugar spin but it doesn't interact properly with selinux. In particular selinux doesn't allow ssh-keygen to write new keys.

I'm no selinux expert but if I enable pam_selinux.so and add the following rule to selinux-policy things work as expected:

/usr/sbin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)

Is this the correct way to fix the issue? I will submit a patch for slim if this rule is added to selinux-policy.
Comment 1 Marco Pesenti Gritti 2008-10-14 15:31:01 EDT
Sorry the rule above has a typo. It's really:

/usr/bin/slim          --      gen_context(system_u:object_r:xdm_exec_t,s0)
Comment 2 Daniel Walsh 2008-10-15 10:02:49 EDT
Yes that is correct.

Fixed in selinux-policy-3.5.12-2.fc10.noarch

Note You need to log in before you can comment on or make changes to this bug.