Re: pam_selinux(sshd:session): Error! Unable to set executable context

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/18/2012 02:25 PM, Radha Venkatesh (radvenka) wrote:
> Dan,
> 
> No, we have not set up /etc/selinux/strict/contexts/users/specialuser_u (we
> are using strict policy).
> 
> 
> But, it should fall back to the
> /etc/selinux/strict/contexts/default_contexts then. Would that not work?
> The defaults_contexts looks like this
> 
> system_r:sulogin_t:s0   sysadm_r:sysadm_t:s0 system_r:local_login_t:s0
> staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
> system_r:remote_login_t:s0      user_r:user_t:s0 staff_r:staff_t:s0 
> system_r:sshd_t:s0              user_r:user_t:s0 staff_r:staff_t:s0
> sysadm_r:sysadm_t:s0 system_r:crond_t:s0     user_r:user_crond_t:s0
> staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0
> system_r:system_crond_t:s0 mailman_r:user_crond_t:s0 system_r:xdm_t:s0
> staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
> staff_r:staff_su_t:s0   staff_r:staff_t:s0 user_r:user_t:s0
> sysadm_r:sysadm_t:s0 sysadm_r:sysadm_su_t:s0 staff_r:staff_t:s0
> user_r:user_t:s0 sysadm_r:sysadm_t:s0 user_r:user_su_t:s0
> staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 
> sysadm_r:sysadm_sudo_t:s0       sysadm_r:sysadm_t:s0 
> staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 
> user_r:user_sudo_t:s0   sysadm_r:sysadm_t:s0 user_r:user_t:s0
> 
> Thanks, Radha.
> 
> -----Original Message----- From: Daniel J Walsh [mailto:dwalsh@xxxxxxxxxx]
>  Sent: Thursday, October 18, 2012 10:43 AM To: Radha Venkatesh (radvenka) 
> Cc: selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: pam_selinux(sshd:session):
> Error! Unable to set executable context
> 
> On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
> 
> 
>> We have an selinux user specialuser_u defined. The outputs of the
>> semanage command are as seen below
> 
> 
> 
>> semanager user –l
> 
> 
> 
>> admin_u         user       s0         SystemLow-SystemHigh system_r
>> sysadm_r
> 
>> guest_u         guest      s0         s0 guest_r
> 
>> remotesupport_u user       s0         SystemLow-SystemHigh system_r
>> sysadm_r
> 
>> root            sysadm     s0         SystemLow-SystemHigh system_r
>> sysadm_r
> 
>> specialuser_u   user       s0         s0 system_r sysadm_r
> 
>> staff_u         staff      s0         SystemLow-SystemHigh sysadm_r
>> staff_r
> 
>> sysadm_u        sysadm     s0         SystemLow-SystemHigh sysadm_r
> 
>> system_u        user       s0         SystemLow-SystemHigh system_r
> 
> 
> 
> I have no idea what the random chars are, but did you setup a 
> /etc/selinux/targeted/contexts/users/specialuser_u file?
> 
> 

Yes you are right.  One curious thing, you say you are logging in as
specialuser_u, but your log shows.


 ialuser_u:sysadm_r:sysadm_t  Which seems strange.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCAVxcACgkQrlYvE4MpobPmDACguivHu5/cVuxU9q63EPA6o0ty
3/4AoJ1kE3Wrzgx8DV5MUWpvi9KCm14F
=j/df
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux