i get this on rawhide.
Dominick Grift
domg472 at gmail.com
Wed Mar 30 18:21:47 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/30/2011 08:18 PM, Dominick Grift wrote:
> On 03/30/2011 08:07 PM, Dominick Grift wrote:
>> On 03/30/2011 07:56 PM, Dominick Grift wrote:
>>> $ sesearch --allow -SC -T | grep unconfined_login
>>> ERROR: policydb version 25 does not match my version range 15-24
>>> ERROR: Unable to open policy /etc/selinux/targeted/policy/policy.25.
>>> ERROR: Success
>
>>> by the way: looks like if i set unconfined_login to off that then
>>> sulogin_t is not allowed to execute shell_exec_t?
>
>> i meant on instead of off, i think its because my root was mapped to
>> unconfined_u: so at least that part of unconfined_login works.
>
> ifdef(`enable_mls',`
> sysadm_shell_domtrans(sulogin_t)
> ',`
> optional_policy(`
> unconfined_shell_domtrans(sulogin_t)
> ')
> ')
>
> should that not be:
>
> sysadm_shell_domtrans(sulogin_t)
>
> ifndef(`enable_mls`,'
> optional_policy(`
> unconfined_shell_domtrans(sulogin_t)
> ')
> ')
>
> Because one can also map root to sysadm_u in targeted policy.
BTW i suspect we also need this in ssh.te;
ifndef(`enable_mls`,'
optional_policy(`
unconfined_shell_domtrans(sshd_t)
')
')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2TdLsACgkQMlxVo39jgT+llACgraZj8qTNHxM8sdmSvd7KK+jZ
6vAAmwYfsiaMlmRXEiirjlMN7RilSUwX
=/EX1
-----END PGP SIGNATURE-----
More information about the selinux
mailing list