-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/30/2011 08:07 PM, Dominick Grift wrote:
On 03/30/2011 07:56 PM, Dominick Grift wrote:
> $ sesearch --allow -SC -T | grep unconfined_login
> ERROR: policydb version 25 does not match my version range 15-24
> ERROR: Unable to open policy /etc/selinux/targeted/policy/policy.25.
> ERROR: Success
> by the way: looks like if i set unconfined_login to off that then
> sulogin_t is not allowed to execute shell_exec_t?
i meant on instead of off, i think its because my root was mapped to
unconfined_u: so at least that part of unconfined_login works.
ifdef(`enable_mls',`
sysadm_shell_domtrans(sulogin_t)
',`
optional_policy(`
unconfined_shell_domtrans(sulogin_t)
')
')
should that not be:
sysadm_shell_domtrans(sulogin_t)
ifndef(`enable_mls`,'
optional_policy(`
unconfined_shell_domtrans(sulogin_t)
')
')
Because one can also map root to sysadm_u in targeted policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk2Tc/sACgkQMlxVo39jgT8GBwCgwGeKGOJ9ukqeALi1PFcqSIKb
b6gAn3movTTIjh7zG6VYm6RosBT3gOP2
=+GSJ
-----END PGP SIGNATURE-----