Got things working, but not sure how

Scott Salley ssalley at likewise.com
Wed Mar 3 23:10:57 UTC 2010


I'd like to thank the mailing list inhabitants for all the help you've
given me. So, Thanks!

I modified the targeted policy for Fedora 12 and got Likewise Open to
install, join Active Directory, and allow users to authenticate without
any problems! The problem is, I'm not quite sure what some of the rules
do and whether they are necessary.

For example, I patched the authentication daemon (lsassd) to properly
set up the user's home directory and I'm using matchpathcon(3) and
setfilecon(3). At first, matchpathcon would fail but I could find *no*
messages indicating a problem. I finally copied a block of rules from
another policy and that worked.

The rules I copied are:

selinux_get_fs_mount(lsassd_t)
selinux_validate_context(lsassd_t)
selinux_compute_access_vector(lsassd_t)
selinux_compute_create_context(lsassd_t)
selinux_compute_relabel_context(lsassd_t)
selinux_compute_user_contexts(lsassd_t)

Now I could try things one by one and see what works and what doesn't,
but I have some other rule blocks where I have the same type of problem
and then a combinatorial explosion gets involved. I have also tried
looking things up online, but pages like this
(http://www.softeh.ro/doc/selinux-policy-2.2.23/html/kernel_selinux.html)
did not really help me for many of the rules.

What have I missed? Is there another level of logging I could turn on
somewhere?
