Hi All,<br> <br>Thanks for replying to me. These are the audit messages I am getting from /var/log/audit/audit.log.<br><br>type=AVC msg=audit(1235820249.704:255): avc: denied { rlimitinh } for pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process<br>
type=AVC msg=audit(1235820249.704:255): avc: denied { noatsecure } for pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process<br>type=SYSCALL msg=audit(1235820249.704:255): arch=c000003e syscall=59 success=yes exit=0 a0=402269 a1=7fff186d7030 a2=7fff186d9550 a3=22 items=0 ppid=1 pid=4296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty4 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)<br>
type=USER_AUTH msg=audit(1235820253.552:256): user pid=4296 uid=0 auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: authentication acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'<br>
type=USER_ACCT msg=audit(1235820253.555:257): user pid=4296 uid=0 auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: accounting acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'<br>
type=LOGIN msg=audit(1235820253.560:258): login pid=4296 uid=0 old auid=4294967295 new auid=527<br>type=USER_ROLE_CHANGE msg=audit(1235820253.567:259): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='pam: default-context=prakash:prakash_r:prakash_t:s0 selected-context=prakash:prakash_r:prakash_t:s0: exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'<br>
type=USER_START msg=audit(1235820253.568:260): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: session open acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'<br>
type=CRED_ACQ msg=audit(1235820253.568:261): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: setcred acct="user1" : exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'<br>
type=USER_LOGIN msg=audit(1235820253.570:262): user pid=4296 uid=0 auid=527 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='uid=527: exe="/bin/login" (hostname=?, addr=?, terminal=tty4 res=success)'<br>
type=AVC msg=audit(1235820275.060:263): avc: denied { siginh } for pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process<br>type=AVC msg=audit(1235820275.060:263): avc: denied { rlimitinh } for pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process<br>
type=AVC msg=audit(1235820275.060:263): avc: denied { noatsecure } for pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process<br>type=SYSCALL msg=audit(1235820275.060:263): arch=c000003e syscall=59 success=yes exit=0 a0=402269 a1=7fff1bcb84a0 a2=7fff1bcba9c0 a3=22 items=0 ppid=1 pid=4132 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty2 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)<br>
<br>Thanks,<br><br>Prakash<br><br><div class="gmail_quote">On Sat, Feb 28, 2009 at 12:36 AM, Daniel J Walsh <span dir="ltr"><<a href="mailto:dwalsh@redhat.com">dwalsh@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div></div><div class="Wj3C7c">
<br>
prakash hallalli wrote:<br>
> Hi All,<br>
><br>
> I am using CentOS-5 x86_64, and I have followed the steps you sent.<br>
> But I am still getting the same user login problem. I am not able to<br>
> log the user in properly on the system.<br>
><br>
> These are the steps I have followed.<br>
><br>
> 1. Create a source policy module:-<br>
><br>
> #cd /home/prakash<br>
> #vi prakash.te<br>
> policy_module(prakash, 0.0.1)<br>
> role prakash_r;<br>
> userdom_unpriv_user_template(prakash);<br>
><br>
> 2. Build the source policy module:<br>
><br>
> #make -f /usr/share/selinux/devel/Makefile<br>
><br>
> 3. Install the binary policy module:<br>
><br>
> #semodule -i prakash.pp<br>
><br>
> 4. Create default contexts for prakash:<br>
><br>
> #cd /etc/selinux/targeted/contexts/users<br>
> #vi prakash<br>
> system_r:system_local_login_t:s0 prakash_r:prakash_t:s0<br>
> system_r:remote_login_t:s0 prakash_r:prakash_t:s0<br>
> system_r:sshd_t:s0 prakash_r:prakash_t:s0<br>
> system_r:crond_t:s0 prakash_r:prakash_t:s0<br>
> system_r:xdm_t:s0 prakash_r:prakash_t:s0<br>
> prakash_r:prakash_su_t:s0 prakash_r:prakash_t:s0<br>
> prakash_r:prakash_sudo_t:s0 prakash_r:prakash_t:s0<br>
> system_r:initrc_su_t:s0 prakash_r:prakash_t:s0<br>
> prakash_r:prakash_t:s0 prakash_r:prakash_t:s0<br>
><br>
> 5. Create a SELinux user mapping for prakash:<br>
><br>
> #semanage user -a -L s0 -r s0-s0 -R "prakash_r" -P user prakash<br>
><br>
> 6. Add new prakash user for user1:<br>
><br>
> #useradd -Z prakash user1<br>
><br>
> 7. When I try to log in to the system, I get a permission denied<br>
> message.<br>
><br>
> gtt login: user1<br>
> password: XXXXXX<br>
><br>
> -bash: /home/user1/.bash_profile: Permission denied<br>
> -bash-3.1$id<br>
> uid=524(user1) gid=525(user1) groups=525(user1)<br>
> context=prakash:prakash_r:prakash_t<br>
><br>
> I tried one more user and also got the same problem. I am not sure<br>
> what mistakes I made. Please help me with what I have to do.<br>
><br>
> Thanks,<br>
> Prakash, k, h.<br>
><br>
> On Wed, Feb 25, 2009 at 9:17 PM, Daniel J Walsh <<a href="mailto:dwalsh@redhat.com">dwalsh@redhat.com</a>> wrote:<br>
><br>
</div></div><div><div></div><div class="Wj3C7c">> prakash hallalli wrote:<br>
>>>> Hi All,<br>
>>>><br>
>>>> I have created a 'myuser' user and created a custom module policy for<br>
>>>> the user.<br>
>>>> I have installed the module successfully, but when I log myuser in<br>
>>>> I get a bash prompt.<br>
>>>><br>
>>>> I have followed the steps below to create the module.<br>
>>>><br>
>>>> #vi myuser.te<br>
>>>> policy_module(myuser, 0.0.1)<br>
>>>> role myuser_r;<br>
>>>> userdom_unpriv_user_template(myuser)<br>
>>>><br>
>>>> #make -f /usr/share/selinux/devel/Makefile<br>
>>>> #sudo semodule -i myuser.pp<br>
>>>> #semanage user -a -L s0 -r s0-s0 -L "myuser1_r" -P user myuser1<br>
>>>> #useradd -Z myuser1 myuser1<br>
>>>><br>
>>>> I did all the steps. When I try to log in to the system, the following error is displayed.<br>
>>>> gtt login: myuser<br>
>>>> password: XXXXXX<br>
>>>><br>
>>>> -bash: /home/myuser/.bash_profile: Permission denied<br>
>>>> -bash-3.1$<br>
>>>><br>
>>>> Please tell me what I should do.<br>
>>>><br>
>>>> Thanks,<br>
>>>> Prakash.<br>
>>>><br>
>>>><br>
>>>><br>
>>>> ------------------------------------------------------------------------<br>
>>>><br>
>>>> --<br>
>>>> fedora-selinux-list mailing list<br>
>>>> <a href="mailto:fedora-selinux-list@redhat.com">fedora-selinux-list@redhat.com</a><br>
>>>> <a href="https://www.redhat.com/mailman/listinfo/fedora-selinux-list" target="_blank">https://www.redhat.com/mailman/listinfo/fedora-selinux-list</a><br>
> Which OS and version?<br>
><br>
> Depending on the policy you might need to relabel the homedir to get the<br>
> labels correct.<br>
><br>
> restorecon -R -v /home<br>
><br>
>><br>
<br>
<br>
</div></div>Please attach the AVC messages from /var/log/audit/audit.log.<br>
</blockquote></div><br>
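As an added example that is not part of the original thread: a small Python parser for the AVC records pasted at the top of this message. It groups the denied permissions by source type, target type and object class, and reports whether any record names a given type such as prakash_t. The sample lines are copied from the excerpt above; the function names are this example's own.

```python
import re
from collections import defaultdict

# Records copied from the audit.log excerpt pasted at the top of this message.
SAMPLE = "\n".join([
    'type=AVC msg=audit(1235820249.704:255): avc: denied { rlimitinh } for pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process',
    'type=AVC msg=audit(1235820249.704:255): avc: denied { noatsecure } for pid=4296 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process',
    'type=LOGIN msg=audit(1235820253.560:258): login pid=4296 uid=0 old auid=4294967295 new auid=527',
    'type=AVC msg=audit(1235820275.060:263): avc: denied { siginh } for pid=4132 comm="login" scontext=system_u:system_r:getty_t:s0 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=process',
])

AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<time>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC denial record, or None for any other record type."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["serial"] = int(m.group("serial"))
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type:level; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    out = defaultdict(set)
    for rec in filter(None, map(parse_avc, text.splitlines())):
        out[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return dict(out)

def denials_involving(text, selinux_type):
    """AVC records whose source or target type is selinux_type."""
    return [r for r in filter(None, map(parse_avc, text.splitlines()))
            if selinux_type in (r["stype"], r["ttype"])]

if __name__ == "__main__":
    for key, perms in summarize(SAMPLE).items():
        print(key, sorted(perms))
    print("records naming prakash_t:", len(denials_involving(SAMPLE, "prakash_t")))
```

Run against the full audit.log, the same functions show whether any denial has the user's domain as its source or target.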