I’d like to thank the mailing list inhabitants for all the help you’ve given me. So, thanks!

I modified the targeted policy for Fedora 12 and got Likewise Open to install, join Active Directory, and allow users to authenticate without any problems! The problem is, I’m not quite sure what some of the rules do and whether they are necessary.

For example, I patched the authentication daemon (lsassd) to properly set up the user’s home directory and I’m using matchpathcon(3) and setfilecon(3). At first, matchpathcon would fail but I could find *no* messages indicating a problem. I finally copied a block of rules from another policy and that worked.

The rules I copied are:

selinux_get_fs_mount(lsassd_t)
selinux_validate_context(lsassd_t)
selinux_compute_access_vector(lsassd_t)
selinux_compute_create_context(lsassd_t)
selinux_compute_relabel_context(lsassd_t)
selinux_compute_user_contexts(lsassd_t)

Now I could try things one by one and see what works and what doesn’t, but I have some other rule blocks where I have the same type of problem and then a combinatorial explosion gets involved. I have also tried looking things up online, but pages like this (http://www.softeh.ro/doc/selinux-policy-2.2.23/html/kernel_selinux.html) did not really help me for many of the rules.

What have I missed? Is there another level of logging I could turn on somewhere?
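
An added example, not part of the original post and not Likewise or policy-project code: given audit records in which denials for the daemon are visible, this Python script maps each AVC denial against security_t to the interface from the list above that covers it, so the copied block can be trimmed to what the daemon actually exercises. The permission-to-interface table is an assumption based on the reference policy's kernel/selinux.if and should be checked against the installed policy; the audit lines are constructed.

```python
import re

# Assumed mapping (verify against kernel/selinux.if in the installed policy):
# (tclass, permission) on security_t -> interface from the post that grants it.
INTERFACE_FOR = {
    ("filesystem", "getattr"): "selinux_get_fs_mount",
    ("security", "check_context"): "selinux_validate_context",
    ("security", "compute_av"): "selinux_compute_access_vector",
    ("security", "compute_create"): "selinux_compute_create_context",
    ("security", "compute_relabel"): "selinux_compute_relabel_context",
    ("security", "compute_user"): "selinux_compute_user_contexts",
}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def needed_interfaces(log_lines, domain="lsassd_t"):
    """Return (interfaces exercised by denials, unmapped (tclass, perm) pairs)."""
    needed, unmapped = set(), set()
    for line in log_lines:
        m = AVC_RE.search(line)
        if not m or context_type(m.group("scon")) != domain:
            continue  # not an AVC denial, or a different source domain
        if context_type(m.group("tcon")) != "security_t":
            continue  # only denials against the SELinux filesystem/server
        for perm in m.group("perms").split():
            key = (m.group("tclass"), perm)
            if key in INTERFACE_FOR:
                needed.add(INTERFACE_FOR[key])
            else:
                unmapped.add(key)  # needs manual review of the interface file
    return sorted(needed), sorted(unmapped)

# Constructed sample audit records, not taken from the post.
SAMPLE = [
    'type=AVC msg=audit(1262304000.101:41): avc:  denied  { getattr } for  pid=2101 comm="lsassd" scontext=system_u:system_r:lsassd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem',
    'type=AVC msg=audit(1262304000.102:42): avc:  denied  { check_context } for  pid=2101 comm="lsassd" scontext=system_u:system_r:lsassd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security',
    'type=AVC msg=audit(1262304000.103:43): avc:  denied  { write } for  pid=2101 comm="lsassd" name="context" dev=selinuxfs ino=5 scontext=system_u:system_r:lsassd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file',
    'type=AVC msg=audit(1262304000.104:44): avc:  denied  { compute_av } for  pid=3001 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security',
]

if __name__ == "__main__":
    print(needed_interfaces(SAMPLE))
```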