On Wed, 2006-25-01 at 12:06 -0500, Daniel J Walsh wrote:
Remove multiple from the pam file.
editing /etc/pam.d/su, changing
session required /lib/security/$ISA/pam_selinux.so open multiple
to
session required /lib/security/$ISA/pam_selinux.so open
Did the trick, thanks Dan!
# rpm -q -f /etc/pam.d/su
coreutils-5.2.1-31.2
You can actually remove the pam_selinux.so lines from the su file altogether. We have done this for FC5 and it works fine. In strict or MLS Policy you will be required to run newrole but in targeted everything should just work.
I'm seeing the same behaviour with telnetd. I had to install it for a client that runs a text-based app which Windows users telnet into (it's only open to the local network, and the app loads immediately after login).
When a user logs in via telnet, the same question appears. I told my client to just accept the default answer, which is "no". Ideally, I'd like to remove the option altogether.
I assume it's possible to turn it off like it was for "su", but I'm not sure which file to edit. /etc/pam.d/login looks like the closest one, specifically this line:
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
I'm not sure though. Any tips?
Regards,
Ranbir
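
The change discussed in this thread (dropping "multiple" from the pam_selinux.so session rule), as an added example that is not part of any message above: a read-only shell audit that lists PAM service files whose active pam_selinux.so rule still carries "multiple" and prints each rule as it would read without it. The function names and the sample files are constructed for illustration; the sample rules are modelled on the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of PAM service files
# for active pam_selinux.so rules that carry the "multiple" argument.

# Print file:lineno:rule for each such rule under DIR (default /etc/pam.d).
find_selinux_multiple() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }    # skip commented-out rules
            {
                mod = 0
                for (i = 1; i <= NF; i++) {
                    if ($i ~ /pam_selinux\.so$/) { mod = i; continue }
                    if (mod && $i == "multiple") { print file ":" NR ":" $0; break }
                }
            }' "$f"
    done
}

# Read rules on stdin, write them without the "multiple" argument.
strip_multiple() {
    sed -E 's/[[:space:]]+multiple([[:space:]]|$)/\1/'
}

# Constructed sample tree modelled on the rules quoted in the thread.
make_sample() {
    mkdir -p "$1"
    cat > "$1/su" <<'EOF'
session    required     /lib/security/$ISA/pam_selinux.so open multiple
EOF
    cat > "$1/login" <<'EOF'
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open
EOF
    cat > "$1/other" <<'EOF'
# session required pam_selinux.so multiple open
session    required     pam_selinux.so close
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
find_selinux_multiple "$sample" | while IFS= read -r hit; do
    printf 'found:    %s\n' "$hit"
    printf 'proposed: %s\n' "$(printf '%s\n' "${hit#*:*:}" | strip_multiple)"
done
rm -rf "$sample"
```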