Hi, On SELinux enabled system, login applications need to call selinux pam module during the opening of the session to correctly set the user's security context. In Debian the "login" service is already doing this, but desktop managers are not.
I would propose to add the needed call to the pam_selinux module in DM pam services by default. This pam module is installed in the libpam-modules package, which is (I think) installed by default on every system. On a system where SELinux is disabled, the pam module should return a success. The pam module needs to be called twice, please see the login pam service or my patch[0] for gdm3. The module can be 'require'ed if we are sure it's installed on the system. Any input on this? Cheers Laurent Bigonville [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661289 -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120308201310.75f9a...@fornost.bigon.be
