I was following the Gentoo Wiki page for SELinux/Installation; however, I cannot get the user contexts to work properly, much like [post=8748196]this post[/post], which seems to imply that PAM is responsible for setting the contexts after login (which my system does not have).
Is PAM a requirement for user contexts to work properly? Installing PAM fixes this.
NOTE: I can manually use

runcon -u sysadm_u -r sysadm_r -t sysadm_t bash

Failed to set new SELinux execution context. Is your current SELinux context allowed to run Portage?

$ id -Z
system_u:system_r:local_login_t

# id -Z
system_u:system_r:local_login_t

# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: disabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33

# semanage login -l
Login Name           SELinux User
__default__          unconfined_u
<user>               staff_u

# semanage user -l
SELinux User    SELinux Roles
root            staff_r sysadm_r system_r
staff_u         staff_r sysadm_r system_r
sysadm_u        sysadm_r
system_u        system_r
unconfined_u    unconfined_r
user_u          user_r
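
A small check for the symptom shown in the post, as an added example that is not part of the original post: it compares the SELinux user in a session's `id -Z` context with the one `semanage login -l` maps that login to. The login name `alice`, the sample data (constructed from the outputs above) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic example. SAMPLE_* values are constructed from the post's
# outputs; "alice" stands in for the post's <user> placeholder.

SAMPLE_CONTEXT='system_u:system_r:local_login_t'
SAMPLE_LOGINS='Login Name           SELinux User

__default__          unconfined_u
alice                staff_u'

# Print the SELinux user (first field) of a user:role:type[:range] context.
context_user() {
    printf '%s\n' "$1" | cut -d: -f1
}

# Read `semanage login -l` output on stdin and print the SELinux user mapped
# to login $1, falling back to __default__. Header and blank lines are
# skipped; %group mappings are not evaluated.
mapped_seuser() {
    awk -v login="$1" '
        NF < 2 || $1 == "Login" { next }
        $1 == login             { exact = $2 }
        $1 == "__default__"     { dflt = $2 }
        END {
            if (exact != "") print exact
            else if (dflt != "") print dflt
            else exit 1
        }'
}

# Return 0 when the session context carries the mapped SELinux user,
# 1 when the login never left its initial context, 2 if no mapping is found.
check_login_context() {
    login=$1; context=$2; table=$3
    want=$(printf '%s\n' "$table" | mapped_seuser "$login") || return 2
    have=$(context_user "$context")
    if [ "$want" = "$have" ]; then
        echo "ok: $login runs as $have"
        return 0
    fi
    echo "mismatch: $login is mapped to $want but the session is $context"
    return 1
}

# Demo on the constructed sample. On a live system, as root:
#   check_login_context "$(id -un)" "$(id -Z)" "$(semanage login -l)"
check_login_context alice "$SAMPLE_CONTEXT" "$SAMPLE_LOGINS" || true
```
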

