Stephen Smalley wrote:
On Tue, 2006-11-28 at 11:01 -0500, Linda Knippers wrote:
Stephen Smalley wrote:
On Tue, 2006-11-28 at 10:41 -0500, Linda Knippers wrote:
Stephen Smalley wrote:
Version of policycoreutils-newrole and selinux-policy-mls?
Contents of /etc/pam.d/newrole?
Sorry, I'd mentioned in the call that I was running the latest from
Dan's people page but omitted it from the mail. I have these
rpms.
policycoreutils-1.33.2-2.el5
policycoreutils-newrole-1.33.2-2.el5
selinux-policy-mls-2.4.5-3.el5
selinux-policy-2.4.5-3.el5
/etc/pam.d/newrole has this:
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so
I would have expected the latter to include:
session required pam_namespace.so unmnt_remnt no_unmount_on_close
I added that line but I don't see any difference in behavior. I added
it at the end. Does the location matter? (Sorry for the dumb pam question).
Possibly, e.g. if there is a sufficient or requisite module in the
system-auth stack. Easiest thing to do is to move it up to the first
one and try again. But now I am wondering whether that policycoreutils
was built with LSPP_PRIV=y, which is required to enable the audit and
namespace functionality. The fedora devel .spec file still has
LOG_AUDIT_PRIV=y, which was the old flag for building with audit support
and no longer is used.
ls -l /usr/bin/newrole
1.33.5-4
It does not. Fixed in 1.33.5-4
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
