'Re: Weird SELinux problem after upgrade to F9'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-selinux-list
Subject:    Re: Weird SELinux problem after upgrade to F9
From:       Daniel J Walsh <dwalsh () redhat ! com>
Date:       2008-06-12 13:53:00
Message-ID: 48512A3C.20307 () redhat ! com
[Download RAW message or body]

Kayvan A. Sylvan wrote:
> On Wed, Jun 04, 2008 at 03:13:08PM -0400, Daniel J Walsh wrote:
>> You might need to check your user database
>>
>> semanage user -l
>> semanage login -l
> 
> I do not know anything about how this is supposed to look. Here is
> what the commands report:
> 
> [root@satyr ~]# semanage user -l
> 
>                 Labeling   MLS/       MLS/                          
> SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles
> 
> root            user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r
> system_u        user       s0         SystemLow-SystemHigh           system_r
> user_u          user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r
> 
> [root@satyr ~]# semanage login -l
> 
> Login Name                SELinux User              MLS/MCS Range            
> 
> __default__               user_u                    s0                       
> root                      root                      -s0:c0.c255              
> system_u                  system_u                  SystemLow-SystemHigh     
> 

Kayvan A. Sylvan wrote:
> On Wed, Jun 04, 2008 at 03:13:08PM -0400, Daniel J Walsh wrote:
>> You might need to check your user database
>>
>> semanage user -l
>> semanage login -l
>
> I do not know anything about how this is supposed to look. Here is
> what the commands report:
>
> [root@satyr ~]# semanage user -l
>
>                 Labeling   MLS/       MLS/
> SELinux User    Prefix     MCS Level  MCS Range
SELinux Roles
>
> root            user       s0         SystemLow-SystemHigh
system_r sysadm_r user_r
> system_u        user       s0         SystemLow-SystemHigh
system_r
> user_u          user       s0         SystemLow-SystemHigh
system_r sysadm_r user_r
>
> [root@satyr ~]# semanage login -l
>
> Login Name                SELinux User              MLS/MCS Range

>
> __default__               user_u                    s0

> root                      root                      -s0:c0.c255

> system_u                  system_u
SystemLow-SystemHigh
>
This is an upgrade problem.

For some reason the selinux policy trigger did not fire so the default
login on your machine is not setup for unconfined users.

If you execute the following three commands it should fix your system

# semanage user -a -S targeted -P user -R "unconfined_r system_r"
-r0-s0:c0.c1023 unconfined_u
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023
__default__
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 root

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[prev in list] [next in list] [prev in thread] [next in thread] 