From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Qs0B7-0006Nl-FS for garchives@archives.gentoo.org; Fri, 12 Aug 2011 22:26:09 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F2CB921C15C; Fri, 12 Aug 2011 22:25:52 +0000 (UTC) Received: from mail-iy0-f175.google.com (mail-iy0-f175.google.com [209.85.210.175]) by pigeon.gentoo.org (Postfix) with ESMTP id 499EF21C10C for ; Fri, 12 Aug 2011 22:25:27 +0000 (UTC) Received: by iyn15 with SMTP id 15so2231678iyn.20 for ; Fri, 12 Aug 2011 15:25:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=yFslR66ernWOspvAD8H9hGsnh2x03loohS8tvcX50HM=; b=HLrC49kpXV/JFl9SRs2epqAR0uf8HB4p6uC4Y6blbzoeujsqGgdJ4IME8REdAa61V5 igUOPVg+tmtEIDWZaBhdL5AGwUjKWKnnnCd7Ee33YqTNOusuEurEKX9uwpJSIqVA8UNr gT5qmWGplI6z/OT+udqmMI3LXuQqv+/ZnAaR8= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 Received: by 10.231.0.221 with SMTP id 29mr2704230ibc.56.1313187926560; Fri, 12 Aug 2011 15:25:26 -0700 (PDT) Sender: sven.j.vermeulen@gmail.com Received: by 10.231.58.213 with HTTP; Fri, 12 Aug 2011 15:25:26 -0700 (PDT) In-Reply-To: <20110811192531.0f6ac64c@studio11c> References: <201108102057.46586.mail@smogura.eu> <20110811143809.4b45500f@studio11c> <20110811192531.0f6ac64c@studio11c> Date: Sat, 13 Aug 2011 00:25:26 +0200 X-Google-Sender-Auth: 2IKXBFrJakDsHhZUxjmWCjDkDDQ Message-ID: Subject: Re: [gentoo-hardened] SeLinux system_u:system_r:initrc_t inside KDE From: Sven Vermeulen To: gentoo-hardened@lists.gentoo.org Content-Type: multipart/alternative; boundary=00151773d3d2e2d13104aa5663ca X-Archives-Salt: X-Archives-Hash: f1f875a3e9c53d8388906fe8961c05a0 --00151773d3d2e2d13104aa5663ca Content-Type: text/plain; charset=ISO-8859-1 On Thu, Aug 11, 2011 at 7:25 PM, Udo Siewert wrote: > /usr/bin/kdm system_u:object_r:xdm_exec_t > /usr/bin/xdm system_u:object_r:xdm_exec_t > > When starting KDE by /etc/init.d/xdm 'id -Z' -> > system_u:system_r:xdm_t > > and all KDE processes -> system_u:system_r:xdm_t > Hmm... assuming xdm works through some PAM configuration, can you tell me how /etc/conf.d/xdm (or kdm, gdm, whatever) looks like? If it doesn't source system-auth (which is where we put the pam_selinux.so call in) that might be the reason... Wkr, Sven Vermeulen --00151773d3d2e2d13104aa5663ca Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
On Thu, Aug 11, 2011 at 7:25 PM, Udo Siewert <algenib@lavabit.c= om> wrote:
/usr/bin/kdm system_u:object_r:xdm_exec_t
/usr/bin/xdm system_u:object_r:xdm_exec_t

When starting KDE by /etc/init.d/xdm =A0'id -Z' ->
system_u:system_r:xdm_t

and all KDE processes -> system_u:system_r:xdm_t
Hmm... assuming xdm works through some PAM configuration, can you tell me= how /etc/conf.d/xdm (or kdm, gdm, whatever) looks like?

If it doesn= 't source system-auth (which is where we put the pam_selinux.so call in= ) that might be the reason...

Wkr,
=A0 Sven Vermeulen
--00151773d3d2e2d13104aa5663ca--