Package: selinux-policy-refpolicy-targeted Version: 0.0.20080314-1 Severity: important
The targeted policy does not set the context of users to unconfined_t as expected. In stead the context for users logged in on the console is local_login_t and for users logged in through SSH it is system_chkpwd_t. This is a list of policies loaded as given by semodule -l: acct 1.1.0 ada 1.2.0 afs 1.2.0 aide 1.3.1 alsa 1.3.1 amanda 1.8.0 amavis 1.5.1 apache 1.9.0 apcupsd 1.3.0 apm 1.6.0 arpwatch 1.5.0 asterisk 1.4.0 audio_entropy 1.3.0 authbind 1.1.0 automount 1.8.0 avahi 1.8.0 awstats 1.0.0 backup 1.2.1 bind 1.6.0 bitlbee 1.0.0 bluetooth 2.0.0 brctl 1.1.1 calamaris 1.2.0 canna 1.6.0 ccs 1.3.0 cdrecord 1.4.0 cipe 1.4.0 clamav 1.6.0 clockspeed 1.3.0 comsat 1.4.0 consolekit 1.3.0 courier 1.4.0 cpucontrol 1.3.0 cups 1.9.0 cvs 1.6.0 cyrus 1.5.0 daemontools 1.2.0 dante 1.4.0 dbskk 1.4.0 dbus 1.8.0 dcc 1.5.0 ddclient 1.4.0 ddcprobe 1.1.0 dhcp 1.5.0 dictd 1.5.0 distcc 1.5.0 djbdns 1.2.0 dmidecode 1.3.0 dnsmasq 1.5.0 dovecot 1.7.1 ethereal 1.4.0 evolution 1.5.0 exim 1.0.1 fail2ban 1.1.0 fetchmail 1.5.0 finger 1.6.0 ftp 1.7.0 games 1.5.0 gatekeeper 1.4.0 gift 1.3.0 gnome 1.3.0 gpg 1.5.0 gpm 1.4.0 hal 1.9.0 hotplug 1.7.0 howl 1.5.0 i18n_input 1.5.0 imaze 1.4.0 inetd 1.6.0 inn 1.5.0 irc 1.4.0 ircd 1.4.0 irqbalance 1.2.0 iscsid 1.3.1 jabber 1.4.0 java 1.7.0 kerberos 1.6.0 ktalk 1.6.0 kudzu 1.5.0 ldap 1.6.0 loadkeys 1.3.1 lockdev 1.2.0 logwatch 1.7.0 lpd 1.8.0 lvm 1.8.0 mailman 1.4.0 mono 1.4.0 monop 1.4.0 mozilla 1.5.0 mplayer 1.4.0 mrtg 1.3.0 munin 1.4.0 mysql 1.6.0 nagios 1.5.0 nessus 1.4.0 netlabel 1.1.0 netutils 1.6.0 networkmanager 1.9.0 nis 1.6.0 nscd 1.6.0 nsd 1.4.0 ntop 1.5.0 ntp 1.5.0 nx 1.2.0 oav 1.5.0 oddjob 1.4.0 openca 1.1.0 openct 1.2.0 openvpn 1.5.0 pcmcia 1.4.0 pcscd 1.3.0 pegasus 1.5.0 perdition 1.4.0 portmap 1.6.0 portslave 1.4.0 postfix 1.8.0 postfixpolicyd 1.0.0 postgresql 1.5.0 postgrey 1.4.0 ppp 1.6.1 prelink 1.5.0 privoxy 1.5.1 procmail 1.8.0 publicfile 1.1.0 pxe 1.2.0 pythonsupport 0.0.1 pyzor 1.5.0 qmail 1.3.0 quota 1.3.0 radius 1.6.1 radvd 1.6.1 raid 1.5.0 razor 1.4.0 rdisc 1.5.0 readahead 1.5.0 remotelogin 1.4.1 resmgr 1.2.0 rhgb 1.6.0 rlogin 1.6.0 roundup 1.4.0 rpc 1.7.1 rpcbind 1.1.0 rpm 1.8.0 rshd 1.5.0 rssh 1.1.0 rsync 1.6.0 rwho 1.3.1 samba 1.7.1 sasl 1.7.1 screen 1.4.0 sendmail 1.7.0 setrans 1.4.0 setroubleshoot 1.6.0 slocate 1.6.0 slrnpull 1.2.0 smartmon 1.4.1 snmp 1.6.1 snort 1.4.0 soundserver 1.4.0 spamassassin 1.9.0 speedtouch 1.2.0 squid 1.5.0 ssh 1.9.0 stunnel 1.5.0 sxid 1.4.0 sysstat 1.2.0 tcpd 1.3.0 telnet 1.6.0 tftp 1.6.1 thunderbird 1.5.0 timidity 1.6.0 tmpreaper 1.3.0 tor 1.3.1 transproxy 1.4.0 tripwire 1.1.0 tvtime 1.3.0 tzdata 1.2.0 ucspitcp 1.2.0 udev 1.9.0 uml 1.5.0 uptime 1.2.0 usbmodules 1.1.0 usernetctl 1.3.0 uucp 1.6.1 uwimap 1.5.0 vbetool 1.3.0 vmware 1.4.0 vpn 1.7.1 watchdog 1.4.0 webalizer 1.7.0 wine 1.5.0 xen 1.6.0 xfs 1.3.0 xprint 1.4.0 xserver 1.7.0 yam 1.2.0 zabbix 1.1.0 zebra 1.6.0 All labels on the filesystem are correct. Previous versions of this package had the same problem. Please note that the policy that comes with Fedora Core 8 (3.0.8-44) based on refpolicy 20070629 does work as expected. So this seems to exclude any problems with the libraries. Laurens -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.22-3-486 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages selinux-policy-refpolicy-targeted depends on: ii libpam-modules 0.99.7.1-5 Pluggable Authentication Modules f ii libselinux1 2.0.59-1 SELinux shared libraries ii policycoreutils 2.0.44-1 SELinux core policy utilities ii python 2.4.4-6 An interactive high-level object-o Versions of packages selinux-policy-refpolicy-targeted recommends: ii checkpolicy 2.0.12-1 SELinux policy compiler ii setools 2.4-3 Tresys tools for managing Security -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
