When I log in, as a normal user, to a Debian Squeeze system using the standard Gnome display manager/login (which I believe is gdm3), id -Z reports "system_u:system_r:initrc_t:s0" as the context. If I log in to the same machine from a text virtual console (Alt-Ctrl-F1), the context is "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023" which I believe to be correct.
If I do "setenforce 1", basically every program stops working in the Gnome environment (and audit.log gets flooded by various avc errors), and I assume this is caused by the wrong context. In practice, this prevents me from using SElinux in a desktop setting. If this indeed happens due to the fact that /etc/pam.d/gdm3 does not include any selinux modules, I feel this should not be just a wish list item, but an important bug, that should also be fixed in stable. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
