-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/30/2011 02:21 PM, Dominick Grift wrote:
On 03/30/2011 08:18 PM, Dominick Grift wrote:
On 03/30/2011 08:07 PM, Dominick Grift wrote:
On 03/30/2011 07:56 PM, Dominick Grift wrote:
$ sesearch --allow -SC -T | grep unconfined_login ERROR: policydb version 25 does not match my version range 15-24 ERROR: Unable to open policy /etc/selinux/targeted/policy/policy.25. ERROR: Success
by the way: looks like if i set unconfined_login to off that then sulogin_t is not allowed to execute shell_exec_t?
i meant on instead of off, i think its because my root was mapped to unconfined_u: so at least that part of unconfined_login works.
ifdef(`enable_mls',` sysadm_shell_domtrans(sulogin_t) ',` optional_policy(` unconfined_shell_domtrans(sulogin_t) ') ')
should that not be:
sysadm_shell_domtrans(sulogin_t)
ifndef(`enable_mls`,' optional_policy(` unconfined_shell_domtrans(sulogin_t) ') ')
Because one can also map root to sysadm_u in targeted policy.
BTW i suspect we also need this in ssh.te;
ifndef(`enable_mls`,' optional_policy(` unconfined_shell_domtrans(sshd_t) ') ')
- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes, Could you make the change to fedora.