On Fri, 2009-06-05 at 10:10 -0700, Vadym Chepkov wrote:
--- On Fri, 6/5/09, Stephen Smalley <sds(a)tycho.nsa.gov> wrote:
>
> You should have gotten some pam_selinux log messages in
> /var/log/secure
> if you added the debug option and logged into the system
> again.
>
You should be able to see debug option I added in the sshd file I sent you.
No debug entries in /var/log/secure. Could it be that session call never gets out of
pam_winbind, which is called in system-auth?
I don't know. Adding debug to that pam entry on a F10 system here and
logged in, I get the following in /var/log/secure (omitting the
timestamp and hostname prefix):
sshd[3745]: pam_selinux(sshd:session): Open Session
sshd[3745]: pam_selinux(sshd:session): Username= sds SELinux User = unconfined_u Level=
s0
sshd[3745]: pam_selinux(sshd:session): Selected Security Context
unconfined_u:unconfined_r:unconfined_t:s0
sshd[3745]: pam_selinux(sshd:session): Checking if
unconfined_u:unconfined_r:unconfined_t:s0 mls range valid for
unconfined_u:unconfined_r:unconfined_t:s0
sshd[3745]: pam_selinux(sshd:session): set sds security context to
unconfined_u:unconfined_r:unconfined_t:s0
sshd[3745]: pam_selinux(sshd:session): set sds key creation context to
unconfined_u:unconfined_r:unconfined_t:s0
sshd[3745]: pam_selinux(sshd:session): Close Session
--
Stephen Smalley
National Security Agency