On Friday 22 December 2006 00:42, you wrote: > On Thu, Dec 21, 2006 at 08:14:49PM -0200, Eduardo Madeira Fleury wrote: > You need to add the "select_context" option in /etc/pam.d/login and log > in at a console: > > session required pam_selinux.so open select_context > > The KS script does that starting from v16. > -Klaus
Thanks Klaus, I do see the role change prompt now that I have a system installed with KS v16. > Does the output of 'semanage user -l' and/or 'semanage login -l' indicate > that the userid in qestion actually has more than one role as a > possibility? Yes Valdis, it did actually, however the problem was the config Klaus suggested above. Thanks. Ok, now I have another question, I can see the role/change prompt now and I can use it to change my MLS level but I can't change my role without getting an error message saying the context is invalid, even when I know it is. For instance, I can't login as root:secadm_r:secadm_t:SystemLow-SystemHigh doing the following: login: root password: ********* Would you like to enter a role/level [y]? y role: secadm_r level: SystemLow-SystemHigh Not a valid security context. But if I login as usual (ie. without selecting a role/level) I receive a sysadm_r and then I can simply newrole to secadm_r. Is this expected/known? Thanks! -- Eduardo M. Fleury IBM Linux Technology Center Brazil Mobile: +55-19-81224410 email: [EMAIL PROTECTED] -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
