I was following the Gentoo Wiki page for SELinux/Installation; however, I cannot get the user contexts to work properly, much like this post, which seems to imply that PAM is responsible for setting the contexts after login (which my system does not have).
Is PAM a requirement for user contexts to work properly? Installing PAM fixes this.
NOTE: I can manually use

runcon -u sysadm_u -r sysadm_r -t sysadm_t bash

Failed to set new SELinux execution context. Is your current SELinux context allowed to run Portage?

$ id -Z
system_u:system_r:local_login_t

# id -Z
system_u:system_r:local_login_t

# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              disabled
Policy deny_unknown status:     allowed
Memory protection checking:     actual (secure)
Max kernel policy version:      33

# semanage login -l
Login Name           SELinux User
__default__          unconfined_u
<user>               staff_u

# semanage user -l
SELinux User         SELinux Roles
root                 staff_r sysadm_r system_r
staff_u              staff_r sysadm_r system_r
sysadm_u             sysadm_r
system_u             system_r
unconfined_u         unconfined_r
user_u               user_r

