Bug#661289: Is a bug and should be fixed in stable too
Henrik Ahlgren
pablo at seestieto.com
Fri Jun 15 20:05:20 UTC 2012
When I log in, as a normal user, to a Debian Squeeze system using the
standard Gnome display manager/login (which I believe is gdm3), id -Z
reports "system_u:system_r:initrc_t:s0" as the context. If I log in to
the same machine from a text virtual console (Alt-Ctrl-F1), the context
is "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023" which I
believe to be correct.
If I do "setenforce 1", basically every program stops working in the
Gnome environment (and audit.log gets flooded by various avc errors),
and I assume this is caused by the wrong context. In practice, this
prevents me from using SElinux in a desktop setting.
If this indeed happens due to the fact that /etc/pam.d/gdm3 does not
include any selinux modules, I feel this should not be just a wish list
item, but an important bug, that should also be fixed in stable.
More information about the pkg-gnome-maintainers
mailing list