With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t. Do you want to choose a different one? [n] kde's kdesu barfs on this second prompt. Any way to disable this second prompt? -- Rex
Weird, I'm not seeing this... On Mon, 23 Jan 2006, Rex Dieter wrote:> With a recent update of CentOS4, su's behavior has changed, in that after > prompting for password, also prompts for (selinux?) context. I'm seeing > something like: > $ su > Password: > Your default context is root:system_r:unconfined_t. > > Do you want to choose a different one? [n] > > > kde's kdesu barfs on this second prompt. Any way to disable this second > prompt? > > -- Rex > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
Daniel J Walsh wrote:>>> On Mon, 23 Jan 2006, Rex Dieter wrote: >>> >>> >>>> With a recent update of CentOS4, su's behavior has changed, in that >>>> after >>>> prompting for password, also prompts for (selinux?) context. I'm >>>> seeing something like: >>>> $ su >>>> Password: >>>> Your default context is root:system_r:unconfined_t. >>>> >>>> Do you want to choose a different one? [n] >>>> >>>> >>>> kde's kdesu barfs on this second prompt. Any way to disable this >>>> second prompt?> Remove multiple from the pam file.editing /etc/pam.d/su, changing session required /lib/security/$ISA/pam_selinux.so open multiple to session required /lib/security/$ISA/pam_selinux.so open Did the trick, thanks Dan! # rpm -q -f /etc/pam.d/su coreutils-5.2.1-31.2 A bug in coreutils-5.2.1-31.2 then? -- Rex
Daniel J Walsh wrote: >>> On Mon, 23 Jan 2006, Rex Dieter wrote: >>>> With a recent update of CentOS4, su's behavior has changed, in that >>>> after >>>> prompting for password, also prompts for (selinux?) context. I'm >>>> seeing something like: >>>> $ su >>>> Password: >>>> Your default context is root:system_r:unconfined_t. >>>> >>>> Do you want to choose a different one? [n] >>>> >>>> kde's kdesu barfs on this second prompt. Any way to disable this >>>> second prompt? > Remove multiple from the pam file. editing /etc/pam.d/su, changing session required /lib/security/$ISA/pam_selinux.so open multiple to session required /lib/security/$ISA/pam_selinux.so open Did the trick, thanks Daniel! # rpm -q -f /etc/pam.d/su coreutils-5.2.1-31.2 A bug in coreutils-5.2.1-31.2 then? -- Rex
On Wed, 2006-25-01 at 12:06 -0500, Daniel J Walsh wrote:> >> Remove multiple from the pam file. > >> > > > > editing /etc/pam.d/su, changing > > session required /lib/security/$ISA/pam_selinux.so open multiple > > to > > session required /lib/security/$ISA/pam_selinux.so open > > > > Did the trick, thanks Dan! > > > > # rpm -q -f /etc/pam.d/su > > coreutils-5.2.1-31.2 > > > > > You can actually remove the pam_selinux.so lines from the su file > altogether. We have done this for FC5 and it works > fine. In strict or MLS Policy you will be required to run newrole but > in targeted everything should just work.I'm seeing the same behaviour with telnetd. I had to install it for a client that runs a text based app which Windows users telnet into (it's only open to the local network, and the app loads immediately after login). When a user logs in via telnet, the same question appears. I told my client to just accept the default answer, which is "no". Ideally, I'd like to remove the option all together. I assume it's possible to turn it off like it was for "su", but I'm not sure which file to edit. /etc/pam.d/login looks like the closest one, specifically this line: # pam_selinux.so open should be the last session rule session required pam_selinux.so multiple open I'm not sure though. Any tips? Regards, Ranbir -- Kanwar Ranbir Sandhu Linux 2.6.14-1.1656_FC4 i686 GNU/Linux 16:34:54 up 9:34, 5 users, load average: 0.06, 0.35, 0.43