[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

how to run the pam_selinux_check to test SELINUX



Hi all,

I enabled the SELINUX on my FedoraCore4, and test pam_selinux_check.c
(distributed with Linux-PAM-0.99). However, it seems that it doesn't
work, and I have no idea how to do next.

The configuration steps about SELINUX:

1. After I installed my FC4, I set the SELINUX=enforcing in
/etc/sysconfig/selinux;

2. reboot my system. It seems that SELINUX have take in effect, the
FC4 checked and labeled the filesystem...

Then, I configured the PAM in /etc/pam.d/. My steps are as following:

1. create a new PAM configuration file in /etc/pam.d/, named
pam_selinux_check, and edited it as follows:

session  sufficient  pam_selinux.so

2. compile the pam_selinux_check.c

OK. Now I tested the pam_selinux_check and want to see some work
details about SELINUX.

#  ./pam_selinux_check
#                                    /*  <--  nothing happen */

Again, test it with a parameter

# ./pam_selinux_check  tom
#                                   /*  <--  nothing happed too */

did it righ?

I don't know what I have missed in my configuring the selinux and pam.
Maybe, one of the missing is that I just set enforcing in
/etc/sysconfig/selinux, not together with setting SELINUXTYPE=strict.
However, when I set SELINUXTYPE=strict, I got a error message at
booting and system dump. The error message said, I have set nothing
about strict policy.
But I don't know how to install strict policy.

I just test the functionalities about selinux MAC enforcement, so
where can I download a simple strict policy, and how to install in my
FC4+SELINUX?

As for PAM, it seems the configuration file is right, since I found
the pam_selinux.so only built the PAM session hooks.

I don't know what wrong with it, could anybody give me some advices?


Thanks in advance,

Ian

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux