Hello,
Is the problem below a SELinux related issue, please? If so, how to resolve this, please?
/var/log/messages: "... -:0[3004]: Warning! Could not get current context for /dev/:0, not relabeling. ..."
TIA, Vinicius.
On Wed, 2004-12-08 at 20:23 -0200, Vinicius wrote:
Hello,
Is the problem below a SELinux related issue, please? If so, how to resolve this, please?
/var/log/messages: "... -:0[3004]: Warning! Could not get current context for /dev/:0, not relabeling. ..."
Yes, it's related to SELinux; I think the warning is from fixfiles. But I have no idea what /dev/:0 would be. My system has no such device.
On Wed, Dec 08, 2004 at 05:57:31PM -0500, Colin Walters wrote:
On Wed, 2004-12-08 at 20:23 -0200, Vinicius wrote:
Is the problem below a SELinux related issue, please? If so, how to resolve this, please?
/var/log/messages: "... -:0[3004]: Warning! Could not get current context for /dev/:0, not relabeling. ..."
Yes, it's related to SELinux; I think the warning is from fixfiles. But I have no idea what /dev/:0 would be. My system has no such device.
I think some piece of code (pam_selinux maybe?) is assuming that prepending "/dev/" to the value of the PAM_TTY item results in a path which can be relabeled. I think gdm sets it to ":0" on at least some platforms, for example.
Is there a particular command or program being run when this happens, or is it happening when you log in?
Nalin
On Wed, 2004-12-08 at 18:09, Nalin Dahyabhai wrote:
I think some piece of code (pam_selinux maybe?) is assuming that prepending "/dev/" to the value of the PAM_TTY item results in a path which can be relabeled. I think gdm sets it to ":0" on at least some platforms, for example.
Is there a particular command or program being run when this happens, or is it happening when you log in?
Hmm...I thought that the SELinux patch for gdm was upstreamed and that it no longer needed to use pam_selinux (and I seem to recall pam_selinux not working for gdm anyway since the pam_open_session call was made from the wrong process to set up the exec context), but I still see a pam_selinux entry in /etc/pam.d/gdmsetup. Ok, looking at the gdm SRPM, there is definitely SELinux code in daemon/slave.c to get the user's default context and set the exec context, so I don't see why you'd need pam_selinux for it.
Stephen Smalley wrote:
On Wed, 2004-12-08 at 18:09, Nalin Dahyabhai wrote:
I think some piece of code (pam_selinux maybe?) is assuming that prepending "/dev/" to the value of the PAM_TTY item results in a path which can be relabeled. I think gdm sets it to ":0" on at least some platforms, for example.
Is there a particular command or program being run when this happens, or is it happening when you log in?
Hmm...I thought that the SELinux patch for gdm was upstreamed and that it no longer needed to use pam_selinux (and I seem to recall pam_selinux not working for gdm anyway since the pam_open_session call was made from the wrong process to set up the exec context), but I still see a pam_selinux entry in /etc/pam.d/gdmsetup. Ok, looking at the gdm SRPM, there is definitely SELinux code in daemon/slave.c to get the user's default context and set the exec context, so I don't see why you'd need pam_selinux for it.
Ok removing from gdm.
selinux@lists.fedoraproject.org