11:59 a.m.
We have an selinux user specialuser_u defined. The outputs of the semanage command are as
seen below
semanager user –l
admin_u user s0 SystemLow-SystemHigh system_r sysadm_r
guest_u guest s0 s0 guest_r
remotesupport_u user s0 SystemLow-SystemHigh system_r sysadm_r
root sysadm s0 SystemLow-SystemHigh system_r sysadm_r
specialuser_u user s0 s0 system_r sysadm_r
staff_u staff s0 SystemLow-SystemHigh sysadm_r staff_r
sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r
system_u user s0 SystemLow-SystemHigh system_r
Now, we see the following in our log files
pam_selinux(sshd:session): Error! Unable to set executable context €‡\
ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€×ª_ialuser_u:sysadm_r:sysadm_t:s0.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context €gb
ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context €
³_ialuser_u:sysadm_r:sysadm_t:s0.
/etc/pam.d/sshd looks as follows
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session required pam_selinux.so
Could anyone help us with why we are seeing these error messages and why the specialuser_u
is corrupted with control chars?
12:42 p.m.
New subject: pam_selinux(sshd:session): Error! Unable to set executable context
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
We have an selinux user specialuser_u defined. The outputs of the semanage
command are as seen below
semanager user –l
admin_u user s0 SystemLow-SystemHigh
system_r sysadm_r
guest_u guest s0 s0
guest_r
remotesupport_u user s0 SystemLow-SystemHigh
system_r sysadm_r
root sysadm s0 SystemLow-SystemHigh
system_r sysadm_r
specialuser_u user s0 s0
system_r sysadm_r
staff_u staff s0 SystemLow-SystemHigh
sysadm_r staff_r
sysadm_u sysadm s0 SystemLow-SystemHigh
sysadm_r
system_u user s0 SystemLow-SystemHigh
system_r
I have no idea what the random chars are, but did you setup a
/etc/selinux/targeted/contexts/users/specialuser_u file?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCAP5gACgkQrlYvE4MpobN9BACgsoMg3JUn5VtPgkbRpsAC7SEk
zmIAni4fDdROC0VKViTtlDU1QEJQmdYE
=Cebx
-----END PGP SIGNATURE-----
1:25 p.m.
Dan,
No, we have not set up /etc/selinux/strict/contexts/users/specialuser_u (we are using
strict policy).
But, it should fall back to the /etc/selinux/strict/contexts/default_contexts then. Would
that not work? The defaults_contexts looks like this
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
system_r:local_login_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0
sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
system_r:xdm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
user_r:user_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Thursday, October 18, 2012 10:43 AM
To: Radha Venkatesh (radvenka)
Cc: selinux(a)lists.fedoraproject.org
Subject: Re: pam_selinux(sshd:session): Error! Unable to set executable context
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
We have an selinux user specialuser_u defined. The outputs of the semanage
command are as seen below
semanager user –l
admin_u user s0 SystemLow-SystemHigh
system_r sysadm_r
guest_u guest s0 s0
guest_r
remotesupport_u user s0 SystemLow-SystemHigh
system_r sysadm_r
root sysadm s0 SystemLow-SystemHigh
system_r sysadm_r
specialuser_u user s0 s0
system_r sysadm_r
staff_u staff s0 SystemLow-SystemHigh
sysadm_r staff_r
sysadm_u sysadm s0 SystemLow-SystemHigh
sysadm_r
system_u user s0 SystemLow-SystemHigh
system_r
I have no idea what the random chars are, but did you setup a
/etc/selinux/targeted/contexts/users/specialuser_u file?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCAP5gACgkQrlYvE4MpobN9BACgsoMg3JUn5VtPgkbRpsAC7SEk
zmIAni4fDdROC0VKViTtlDU1QEJQmdYE
=Cebx
-----END PGP SIGNATURE-----
2:23 p.m.
New subject: pam_selinux(sshd:session): Error! Unable to set executable context
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/18/2012 02:25 PM, Radha Venkatesh (radvenka) wrote:
Dan,
No, we have not set up /etc/selinux/strict/contexts/users/specialuser_u (we
are using strict policy).
But, it should fall back to the
/etc/selinux/strict/contexts/default_contexts then. Would that not work?
The defaults_contexts looks like this
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0 system_r:local_login_t:s0
staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0
sysadm_r:sysadm_t:s0 system_r:crond_t:s0 user_r:user_crond_t:s0
staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0
system_r:system_crond_t:s0 mailman_r:user_crond_t:s0 system_r:xdm_t:s0
staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
sysadm_r:sysadm_t:s0 sysadm_r:sysadm_su_t:s0 staff_r:staff_t:s0
user_r:user_t:s0 sysadm_r:sysadm_t:s0 user_r:user_su_t:s0
staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
Thanks, Radha.
-----Original Message----- From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Thursday, October 18, 2012 10:43 AM To: Radha Venkatesh (radvenka)
Cc: selinux(a)lists.fedoraproject.org Subject: Re: pam_selinux(sshd:session):
Error! Unable to set executable context
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
> We have an selinux user specialuser_u defined. The outputs of the
> semanage command are as seen below
> semanager user –l
> admin_u user s0 SystemLow-SystemHigh system_r
> sysadm_r
> guest_u guest s0 s0 guest_r
> remotesupport_u user s0 SystemLow-SystemHigh system_r
> sysadm_r
> root sysadm s0 SystemLow-SystemHigh system_r
> sysadm_r
> specialuser_u user s0 s0 system_r sysadm_r
> staff_u staff s0 SystemLow-SystemHigh sysadm_r
> staff_r
> sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r
> system_u user s0 SystemLow-SystemHigh system_r
I have no idea what the random chars are, but did you setup a
/etc/selinux/targeted/contexts/users/specialuser_u file?
Yes you are right. One curious thing, you say you are logging in as
specialuser_u, but your log shows.
ialuser_u:sysadm_r:sysadm_t Which seems strange.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCAVxcACgkQrlYvE4MpobPmDACguivHu5/cVuxU9q63EPA6o0ty
3/4AoJ1kE3Wrzgx8DV5MUWpvi9KCm14F
=j/df
-----END PGP SIGNATURE-----
2:29 p.m.
New subject: pam_selinux(sshd:session): Error! Unable to set executable context
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
We have an selinux user specialuser_u defined. The outputs of the
semanage command are as seen below
semanager user –l
admin_u user s0 SystemLow-SystemHigh
system_r sysadm_r
guest_u guest s0 s0 guest_r
remotesupport_u user s0 SystemLow-SystemHigh
system_r sysadm_r
root sysadm s0 SystemLow-SystemHigh
system_r sysadm_r
specialuser_u user s0 s0
system_r sysadm_r
staff_u staff s0 SystemLow-SystemHigh
sysadm_r staff_r
sysadm_u sysadm s0 SystemLow-SystemHigh
sysadm_r
system_u user s0 SystemLow-SystemHigh
system_r
Now, we see the following in our log files
pam_selinux(sshd:session): Error! Unable to set executable context
€‡\ ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€×ª_ialuser_u:sysadm_r:sysadm_t:s0.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€gb ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context €
³_ialuser_u:sysadm_r:sysadm_t:s0.
/etc/pam.d/sshd looks as follows
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session required pam_selinux.so
Could anyone help us with why we are seeing these error messages and why
the specialuser_u is corrupted with control chars?
Sounds like a memory corruption bug in pam_selinux. Bugzilla?
3:37 p.m.
New subject: pam_selinux(sshd:session): Error! Unable to set executable context
What can we do to rectify this now? Any workarounds?
-----Original Message-----
From: selinux-bounces(a)lists.fedoraproject.org
[mailto:selinux-bounces@lists.fedoraproject.org] On Behalf Of Stephen Smalley
Sent: Thursday, October 18, 2012 12:30 PM
To: selinux(a)lists.fedoraproject.org
Subject: Re: pam_selinux(sshd:session): Error! Unable to set executable context
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
We have an selinux user specialuser_u defined. The outputs of the
semanage command are as seen below
semanager user –l
admin_u user s0 SystemLow-SystemHigh
system_r sysadm_r
guest_u guest s0 s0 guest_r
remotesupport_u user s0 SystemLow-SystemHigh
system_r sysadm_r
root sysadm s0 SystemLow-SystemHigh
system_r sysadm_r
specialuser_u user s0 s0
system_r sysadm_r
staff_u staff s0 SystemLow-SystemHigh
sysadm_r staff_r
sysadm_u sysadm s0 SystemLow-SystemHigh
sysadm_r
system_u user s0 SystemLow-SystemHigh
system_r
Now, we see the following in our log files
pam_selinux(sshd:session): Error! Unable to set executable context
€‡\ ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€×ª_ialuser_u:sysadm_r:sysadm_t:s0.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€gb ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context €
³_ialuser_u:sysadm_r:sysadm_t:s0.
/etc/pam.d/sshd looks as follows
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session required pam_selinux.so
Could anyone help us with why we are seeing these error messages and why
the specialuser_u is corrupted with control chars?
Sounds like a memory corruption bug in pam_selinux. Bugzilla?
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
11:12 a.m.
New subject: pam_selinux(sshd:session): Error! Unable to set executable context
Any suggestions on how this issue can be overcome?
Thanks,
Radha.
-----Original Message-----
From: Radha Venkatesh (radvenka)
Sent: Thursday, October 18, 2012 1:37 PM
To: 'Stephen Smalley'; selinux(a)lists.fedoraproject.org
Subject: RE: pam_selinux(sshd:session): Error! Unable to set executable context
What can we do to rectify this now? Any workarounds?
-----Original Message-----
From: selinux-bounces(a)lists.fedoraproject.org
[mailto:selinux-bounces@lists.fedoraproject.org] On Behalf Of Stephen Smalley
Sent: Thursday, October 18, 2012 12:30 PM
To: selinux(a)lists.fedoraproject.org
Subject: Re: pam_selinux(sshd:session): Error! Unable to set executable context
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
We have an selinux user specialuser_u defined. The outputs of the
semanage command are as seen below
semanager user –l
admin_u user s0 SystemLow-SystemHigh
system_r sysadm_r
guest_u guest s0 s0 guest_r
remotesupport_u user s0 SystemLow-SystemHigh
system_r sysadm_r
root sysadm s0 SystemLow-SystemHigh
system_r sysadm_r
specialuser_u user s0 s0
system_r sysadm_r
staff_u staff s0 SystemLow-SystemHigh
sysadm_r staff_r
sysadm_u sysadm s0 SystemLow-SystemHigh
sysadm_r
system_u user s0 SystemLow-SystemHigh
system_r
Now, we see the following in our log files
pam_selinux(sshd:session): Error! Unable to set executable context
€‡\ ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€×ª_ialuser_u:sysadm_r:sysadm_t:s0.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€gb ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context €
³_ialuser_u:sysadm_r:sysadm_t:s0.
/etc/pam.d/sshd looks as follows
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session required pam_selinux.so
Could anyone help us with why we are seeing these error messages and why
the specialuser_u is corrupted with control chars?
Sounds like a memory corruption bug in pam_selinux. Bugzilla?
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
12:21 p.m.
New subject: pam_selinux(sshd:session): Error! Unable to set executable context
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/19/2012 12:12 PM, Radha Venkatesh (radvenka) wrote:
Any suggestions on how this issue can be overcome?
Thanks, Radha.
-----Original Message----- From: Radha Venkatesh (radvenka) Sent: Thursday,
October 18, 2012 1:37 PM To: 'Stephen Smalley';
selinux(a)lists.fedoraproject.org Subject: RE: pam_selinux(sshd:session):
Error! Unable to set executable context
What can we do to rectify this now? Any workarounds?
-----Original Message----- From: selinux-bounces(a)lists.fedoraproject.org
[mailto:selinux-bounces@lists.fedoraproject.org] On Behalf Of Stephen
Smalley Sent: Thursday, October 18, 2012 12:30 PM To:
selinux(a)lists.fedoraproject.org Subject: Re: pam_selinux(sshd:session):
Error! Unable to set executable context
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
> We have an selinux user specialuser_u defined. The outputs of the
> semanage command are as seen below
>
> semanager user –l
>
> admin_u user s0 SystemLow-SystemHigh system_r
> sysadm_r
>
> guest_u guest s0 s0
> guest_r
>
> remotesupport_u user s0 SystemLow-SystemHigh system_r
> sysadm_r
>
> root sysadm s0 SystemLow-SystemHigh system_r
> sysadm_r
>
> specialuser_u user s0 s0 system_r sysadm_r
>
> staff_u staff s0 SystemLow-SystemHigh sysadm_r
> staff_r
>
> sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r
>
> system_u user s0 SystemLow-SystemHigh system_r
>
> Now, we see the following in our log files
>
> pam_selinux(sshd:session): Error! Unable to set executable context €‡\
> ialuser_u:sysadm_r:sysadm_t.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error! Unable to set executable context
> €×ª_ialuser_u:sysadm_r:sysadm_t:s0.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error! Unable to set executable context €gb
> ialuser_u:sysadm_r:sysadm_t.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error! Unable to set executable context €
> ³_ialuser_u:sysadm_r:sysadm_t:s0.
>
> /etc/pam.d/sshd looks as follows
>
> #%PAM-1.0
>
> auth required pam_stack.so service=system-auth
>
> account required pam_nologin.so
>
> account required pam_stack.so service=system-auth
>
> password required pam_stack.so service=system-auth
>
> session required pam_stack.so service=system-auth
>
> session required pam_loginuid.so
>
> session optional pam_keyinit.so force revoke
>
> session required pam_selinux.so
>
> Could anyone help us with why we are seeing these error messages and why
> the specialuser_u is corrupted with control chars?
Sounds like a memory corruption bug in pam_selinux. Bugzilla?
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing
list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Radha, can you see if selinuxdefcon and selinuxconlist help you diagnose what
is going on. (If they exists on on RHEL6?)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCBjDcACgkQrlYvE4MpobMtWACfYZ6pfkyQf5HZqxCWeH/G4+ly
9t8An3RPDS9B0Xdkb62hcfydNH6/4/le
=ZavA
-----END PGP SIGNATURE-----
12:25 p.m.
New subject: pam_selinux(sshd:session): Error! Unable to set executable context
Dan,
This issue is at a customer deployment which has RHEL 5, not RHEL 6.
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Friday, October 19, 2012 10:22 AM
To: Radha Venkatesh (radvenka)
Cc: Stephen Smalley; selinux(a)lists.fedoraproject.org
Subject: Re: pam_selinux(sshd:session): Error! Unable to set executable context
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/19/2012 12:12 PM, Radha Venkatesh (radvenka) wrote:
Any suggestions on how this issue can be overcome?
Thanks, Radha.
-----Original Message----- From: Radha Venkatesh (radvenka) Sent: Thursday,
October 18, 2012 1:37 PM To: 'Stephen Smalley';
selinux(a)lists.fedoraproject.org Subject: RE: pam_selinux(sshd:session):
Error! Unable to set executable context
What can we do to rectify this now? Any workarounds?
-----Original Message----- From: selinux-bounces(a)lists.fedoraproject.org
[mailto:selinux-bounces@lists.fedoraproject.org] On Behalf Of Stephen
Smalley Sent: Thursday, October 18, 2012 12:30 PM To:
selinux(a)lists.fedoraproject.org Subject: Re: pam_selinux(sshd:session):
Error! Unable to set executable context
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
> We have an selinux user specialuser_u defined. The outputs of the
> semanage command are as seen below
>
> semanager user –l
>
> admin_u user s0 SystemLow-SystemHigh system_r
> sysadm_r
>
> guest_u guest s0 s0
> guest_r
>
> remotesupport_u user s0 SystemLow-SystemHigh system_r
> sysadm_r
>
> root sysadm s0 SystemLow-SystemHigh system_r
> sysadm_r
>
> specialuser_u user s0 s0 system_r sysadm_r
>
> staff_u staff s0 SystemLow-SystemHigh sysadm_r
> staff_r
>
> sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r
>
> system_u user s0 SystemLow-SystemHigh system_r
>
> Now, we see the following in our log files
>
> pam_selinux(sshd:session): Error! Unable to set executable context €‡\
> ialuser_u:sysadm_r:sysadm_t.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error! Unable to set executable context
> €×ª_ialuser_u:sysadm_r:sysadm_t:s0.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error! Unable to set executable context €gb
> ialuser_u:sysadm_r:sysadm_t.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error! Unable to set executable context €
> ³_ialuser_u:sysadm_r:sysadm_t:s0.
>
> /etc/pam.d/sshd looks as follows
>
> #%PAM-1.0
>
> auth required pam_stack.so service=system-auth
>
> account required pam_nologin.so
>
> account required pam_stack.so service=system-auth
>
> password required pam_stack.so service=system-auth
>
> session required pam_stack.so service=system-auth
>
> session required pam_loginuid.so
>
> session optional pam_keyinit.so force revoke
>
> session required pam_selinux.so
>
> Could anyone help us with why we are seeing these error messages and why
> the specialuser_u is corrupted with control chars?
Sounds like a memory corruption bug in pam_selinux. Bugzilla?
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing
list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Radha, can you see if selinuxdefcon and selinuxconlist help you diagnose what
is going on. (If they exists on on RHEL6?)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCBjDcACgkQrlYvE4MpobMtWACfYZ6pfkyQf5HZqxCWeH/G4+ly
9t8An3RPDS9B0Xdkb62hcfydNH6/4/le
=ZavA
-----END PGP SIGNATURE-----
3812
days inactive
3813
days old
selinux@lists.fedoraproject.org
8 comments
3 participants
participants (3)
-
Daniel J Walsh -
Radha Venkatesh (radvenka) -
Stephen Smalley