Why am I a guest on Fedora 18?

Daniel J Walsh dwalsh at redhat.com
Tue Nov 13 18:57:38 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/13/2012 01:54 PM, Erinn Looney-Triggs wrote:
> On 11/13/12 10:40, Daniel J Walsh wrote:
>> On 11/13/2012 11:37 AM, Erinn Looney-Triggs wrote:
>>> Been trying to figure this one out for a bit.
>> 
>>> erinn at thin-mint ~ $ id -Z guest_u:guest_r:oddjob_mkhomedir_t:s0
>> 
>>> Fine, well not fine, but given that the homedir was created by oddjob
>>> since this is an IPA client, it makes sense.
>> 
>>> However:
>> 
>>> erinn at thin-mint ~ $ sudo semanage login -l
>> 
>>> Login Name                SELinux User              MLS/MCS Range
>> 
>> 
>>> __default__               unconfined_u              s0-s0:c0.c1023
>> 
>>> erinn                     unconfined_u              s0-s0:c0.c1023
>> 
>>> root                      unconfined_u              s0-s0:c0.c1023
>> 
>>> system_u                  system_u                  s0-s0:c0.c1023
>> 
>> 
>>> Ok so I should be an unconfined-U according to this mapping, right?
>> 
>>> Is this perhaps SSSD interfering? This F18 client is running against a
>>> RHEL 6.3 IPA server, fully updated. I tried to work with the SELinux
>>> mappings in IPA, however, I was informed that as of 6.3 they are almost
>>> totally broken and to wait for the next release.
>> 
>>> Anyway, any ideas?
>> 
>>> -Erinn
>> 
>> 
>> 
>>> -- selinux mailing list selinux at lists.fedoraproject.org 
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>> 
>> 
>> 
>> Well O have no idea, first make sure your login program has the correct
>> label.
>> 
>> 
> 
> Well hell Dan if you don't know I might be in some serious trouble ;).
> 
> ls -lZ $(which gdm) -rwxr-xr-x. root root system_u:object_r:xdm_exec_t:s0
> /usr/sbin/gdm
> 
> I did a relabel of the entire file system just to make sure, still came up
> as guest_u. Though interestingly, to me at least, it relabelled a bunch of
> files in my homedir unconfined_u, though not all of them.
> 
> I haven't done any customization of SELinux on this system, this was a 
> straight clean install of Fedora 18 Alpha.
> 
> Any other theories?
> 
> -Erinn
> 
> 
> 
ps -eZ | grep gdm


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCimCIACgkQrlYvE4MpobMqHQCeN3lkLE3y/p1JHm9g4Pn1AOdx
O8AAoMZccNoqJ3UaB0fDiQKP5kS/hIjA
=E2R4
-----END PGP SIGNATURE-----

More information about the selinux mailing list