From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-hardened+bounces-3488-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1QsaK3-00022a-06
	for garchives@archives.gentoo.org; Sun, 14 Aug 2011 13:01:47 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 1615121C146;
	Sun, 14 Aug 2011 13:01:31 +0000 (UTC)
Received: from karen.lavabit.com (karen.lavabit.com [72.249.41.33])
	by pigeon.gentoo.org (Postfix) with ESMTP id B325121C0CF
	for <gentoo-hardened@lists.gentoo.org>; Sun, 14 Aug 2011 13:01:06 +0000 (UTC)
Received: from d.earth.lavabit.com (d.earth.lavabit.com [192.168.111.13])
	by karen.lavabit.com (Postfix) with ESMTP id 1860F11BDBB
	for <gentoo-hardened@lists.gentoo.org>; Sun, 14 Aug 2011 08:01:06 -0500 (CDT)
Received: from studio11c (tor-exit-readme-2wh1.kromyon.net [68.169.35.41])
	by lavabit.com with ESMTP id LJADMSAX6KWL
	for <gentoo-hardened@lists.gentoo.org>; Sun, 14 Aug 2011 08:01:06 -0500
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lavabit; d=lavabit.com;
  b=4cNpVFnDhoSzYkTVwFo441ygqkIMvVUUIurnO0j7M8b1BCcseeMy3Gyl6WIfQFp9nJAoYv3B9f640j4ZW/h6tTpV0slZKC9JIjE9KuTIvwKpVVtsaulOZ/P66XwOKPBk7qb/pAnc4ck5yjNa+xvobz4hzttavcYW2G9iw8N5Jkw=;
  h=Date:From:To:Subject:Message-ID:In-Reply-To:References:X-Mailer:Mime-Version:Content-Type:Content-Transfer-Encoding;
Date: Sun, 14 Aug 2011 15:00:54 +0200
From: Udo Siewert <algenib@lavabit.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] SeLinux system_u:system_r:initrc_t inside KDE
Message-ID: <20110814150054.1689986d@studio11c>
In-Reply-To: <CAPzO=Nz_kqVtr_WFTRRXwYdkWAX_hk0NjZWoquQy=TFnuyLgBg@mail.gmail.com>
References: <201108102057.46586.mail@smogura.eu>
	<20110811192531.0f6ac64c@studio11c>
	<CAPzO=Ny7vzeH6NzxwgMq+D=CRmueKQ+3ZNM24Lg3Nnm98F00BQ@mail.gmail.com>
	<8488509.YlHQJiIbuf@platypus>
	<CAPzO=Nz_kqVtr_WFTRRXwYdkWAX_hk0NjZWoquQy=TFnuyLgBg@mail.gmail.com>
X-Mailer: Claws Mail 3.7.9 (GTK+ 2.24.4; x86_64-pc-linux-gnu)
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 
X-Archives-Hash: 9a20ff65e65f9da18a6b50cf77bc3641

On Sun, 14 Aug 2011 11:25:26 +0200
Sven Vermeulen <sven.vermeulen@siphos.be> wrote:

> On Sat, Aug 13, 2011 at 8:33 PM, Mike Edenfield <kutulu@kutulu.org>
> wrote:
> 
> > My system-auth doesn't have anything about SELinux in it. The
> > pam_selinux.so
> > calls are in system-login. This looks like what pambase is supposed
> > to be doing. system-login.in has these:
> >
> > #if HAVE_SELINUX
> > session         required        pam_selinux.so close
> > #endif
> >
> > and system-auth.in doesn't.
> >
> > Which one should kdm/gdm be using? Right now /etc/pam.d/kde pulls in
> > system-
> > auth. Can I just move the pam_selinux calls?
> >
> >
> If you do, does it break things (like logon through terminals)?
> If not, does it fix the KDM logons?

AFAIC it doesn't break anything so far and KDM logons via xdm do have
the proper security contexts.

Regards,

Udo