Eduardo Madeira Fleury wrote:
On Friday 22 December 2006 00:42, you wrote:
On Thu, Dec 21, 2006 at 08:14:49PM -0200, Eduardo Madeira Fleury wrote:
You need to add the "select_context" option in /etc/pam.d/login and log
in at a console:

        session    required     pam_selinux.so open select_context

The KS script does that starting from v16.
-Klaus

Thanks Klaus, I do see the role change prompt now that I have a system installed with KS v16.

Does the output of 'semanage user -l' and/or 'semanage login -l' indicate
that the userid in question actually has more than one role as a
possibility?

Yes Valdis, it did actually, however the problem was the config Klaus suggested above. Thanks.

Ok, now I have another question: I can see the role/change prompt now and I can use it to change my MLS level, but I can't change my role without getting an error message saying the context is invalid, even when I know it is.

For instance, I can't login as root:secadm_r:secadm_t:SystemLow-SystemHigh doing the following:

login: root
password: *********
Would you like to enter a role/level [y]? y
role: secadm_r
level: SystemLow-SystemHigh
Not a valid security context.

But if I log in as usual (i.e. without selecting a role/level) I receive a sysadm_r and then I can simply newrole to secadm_r.

Is this expected/known?

Thanks!
No, that is a bug. I think the Level selection is working correctly but the role selection is broken.

Try hitting carriage return on role and then select an MLS Level.

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
