Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

SELinux without PAM: stuck in local_login_t context.
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
trainz-are-kul
n00b
n00b


Joined: 25 Jun 2018
Posts: 13
PostPosted: Sat Jun 17, 2023 7:17 am    Post subject: SELinux without PAM: stuck in local_login_t context. Reply with quote
Hello,

I was following the Gentoo Wiki page for SELinux/Installation, however I can not get the user contexts to work properly, much like this post, which seems to imply that PAM is responsible for setting the contexts after login (which my system does not have).

Is PAM a requirement for user contexts to work properly? Installing PAM fixes this.

NOTE: I can manually use
Code:
 runcon -u sysadm_u -r sysadm_r -t sysadm_t bash
to run bash and get rid of the
Code:
Failed to set new SELinux execution context. Is your current SELinux context allowed to run Portage?
warning.

Code:
 $ id -Z
system_u:system_r:local_login_t

Code:
 # id -Z
system_u:system_r:local_login_t

Code:
 # sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              disabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

Code:
 # semanage login -l

Login Name                SELinux User             

__default__               unconfined_u             
<user>                       staff_u                 

Code:
 # semanage user -l
SELinux User    SELinux Roles

root            staff_r sysadm_r system_r
staff_u         staff_r sysadm_r system_r
sysadm_u        sysadm_r
system_u        system_r
unconfined_u    unconfined_r
user_u          user_r
Back to top
View user's profile Send private message
Thistled
Guru
Guru


Joined: 06 Jan 2011
Posts: 572
Location: Scotland
PostPosted: Sat Jul 01, 2023 11:21 pm    Post subject: Reply with quote
Are you saying installing PAM fixes this?
If so, then why not install PAM?
_________________
Whatever you do, do it properly!
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy