-----BEGIN PGP SIGNED MESSAGE-----
On 03/30/2011 08:45 PM, Daniel J Walsh wrote:
On 03/30/2011 02:21 PM, Dominick Grift wrote:
> On 03/30/2011 08:18 PM, Dominick Grift wrote:
>> On 03/30/2011 08:07 PM, Dominick Grift wrote:
>>> On 03/30/2011 07:56 PM, Dominick Grift wrote:
>>>> $ sesearch --allow -SC -T | grep unconfined_login
>>>> ERROR: policydb version 25 does not match my version range 15-24
>>>> ERROR: Unable to open policy /etc/selinux/targeted/policy/policy.25.
>>>> ERROR: Success
>>>> by the way: looks like if i set unconfined_login to off that then
>>>> sulogin_t is not allowed to execute shell_exec_t?
>>> i meant on instead of off, i think its because my root was mapped to
>>> unconfined_u: so at least that part of unconfined_login works.
>> should that not be:
>> Because one can also map root to sysadm_u in targeted policy.
> BTW i suspect we also need this in ssh.te;
No its already there. Something else is wrong. I suspect that it may be
conflicting with ssh_sysadm_login since unconfined_t is also an unpriv user.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----