error: ssh_selinux_getctxbyname: Failed to get default SELinux security context
Daniel J Walsh
dwalsh at redhat.com
Thu Sep 30 18:24:20 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/30/2010 10:18 AM, imsand at puzzle.ch wrote:
> another interesting thing is the following:
> (seen with the debug option in pam_selinux)
>
> assuming that the linux user is mat and the corresponding selinux user is
> mat_u. during ssh login this happens:
>
> Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): Open Session
> Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): Open Session
> Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): Username=
> mat SELinux User = mat_u Level= (null)
> Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): set mat
> security context to mat_u:staff_r:staff_t
> Sep 30 16:09:49 testsrv sshd[4328]: pam_selinux(sshd:session): set mat key
> creation context to mat_u:staff_r:staff_t
>
> As we can see, the user mapping works as desired and the new choosen
> context should be all right => mat_u:staff_r:staff_t.
>
> But then, when I do an id -Z after successful login, the shell's context
> is context=user_u:user_r:user_t.
>
> Very strange....
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
You got me. If you create the mat_u user and login does the pam_selinux
session look different?
Why don't you ask on the upstream selinux list. More sles experience is
probably there that is not monitoring this list.
<selinux at tycho.nsa.gov>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkyk1dMACgkQrlYvE4MpobO7cQCeJt8x3QmnammA6NahRasyuK8l
jR8AnjmTIhLgBTOvBgJlhSqW9vm9fMt8
=Hx39
-----END PGP SIGNATURE-----
More information about the selinux
mailing list