My original problem was With the default pam options, pam_selinux is unable to get the user context, during login it would default to system_u:system_r:local_login_t context. I got around this problem for some time by changing /etc/pam.d/login line to

Session required pam_selinux.so open verbose select_context.
I found on http://www.nsa.gov/selinux/list-archive/0706/21321.cfm that this was a bug in pam and by upgrading from pam-0.1.77-66.23.i386.rpm (or earlier versions) to pam-0.1.99.6.2-3.26.el5.i386.rpm would get rid of the problem. This upgrade has actually caused more problems. I can no longer even log into my virtual machine with my install in enforcing, in permissive mode it is fine. Unfortunately there are no AVC denials when.

My Virtual Machine is running RHEL5, libselinux-1.1.33.4-4.el5.i386.rpm, and reference policy that came with the Bedrock tool from Tresys refpolicy-20070417.tar.bz2

Possibly I missed something while upgrading pam? I have looked through all of the files the pam-0.1.99.6.2-3.26.el5.i386.rpm has installed and they all seem correct.

Thanks in advance,
-K

This email message is for the sole use of the intended recipient(s) and may contain GDC4S confidential or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not an intended recipient, please contact the sender by reply email and destroy all copies of the original message.