Hi All,
Thanks for the information.
But after resetting the semanage user/login, moving the targeted folder to the old one and then installing the default target, it's still showing the id context as context=system_u:system_r:unconfined_t:s0-s0:c0.c1023.

What I observed is that after changing the permission using the semanage command also, it's still showing system_u:system_r.

Check the semanage login/user output:

semanage login -l

    Login Name     SELinux User    MLS/MCS Range     Service

    __default__    unconfined_u    s0-s0:c0.c1023    *
    root           unconfined_u    s0-s0:c0.c1023    *
    system_u       system_u        s0-s0:c0.c1023    *

semanage user -l

                    Labeling    MLS/         MLS/
    SELinux User    Prefix      MCS Level    MCS Range         SELinux Roles

    guest_u         user        s0           s0                guest_r
    root            user        s0           s0-s0:c0.c1023    staff_r sysadm_r system_r unconfined_r
    staff_u         user        s0           s0-s0:c0.c1023    staff_r sysadm_r system_r unconfined_r
    sysadm_u        user        s0           s0-s0:c0.c1023    sysadm_r
    system_u        user        s0           s0-s0:c0.c1023    system_r unconfined_r
    unconfined_u    user        s0           s0-s0:c0.c1023    system_r unconfined_r
    user_u          user        s0           s0                user_r
    xguest_u        user        s0           s0                xguest_r

Looks like it's related to some other issue. What do you think about this?

Thanks
Aman
On Sat, Dec 2, 2017 at 1:05 AM, Simon Sekidde ssekidde@redhat.com wrote:
----- Original Message -----
From: "Stephen Smalley" sds@tycho.nsa.gov
To: "Simon Sekidde" ssekidde@redhat.com, "Aman Sharma" <amansh.sharma5@gmail.com>
Cc: "SELinux" selinux@tycho.nsa.gov
Sent: Friday, December 1, 2017 2:28:17 PM
Subject: Re: Qwery regarding Selinux Change Id context
On Fri, 2017-12-01 at 14:16 -0500, Simon Sekidde wrote:
----- Original Message -----
From: "Aman Sharma" amansh.sharma5@gmail.com
To: "SELinux" selinux@tycho.nsa.gov
Sent: Thursday, November 30, 2017 11:26:21 PM
Subject: Re: Fwd: Qwery regarding Selinux Change Id context
Hi ,
mv /var/lib/selinux/targeted /var/lib/selinux/targeted.old
This targeted folder is not there.
After searching I got the below result :
find / -type d -name "*targeted" -print
/usr/share/selinux/targeted
/etc/selinux/targeted
Please let me know your comments.
Run
mv /etc/selinux/targeted /etc/selinux/targeted.old
yum reinstall selinux-policy-targeted
He already tried that and it allegedly didn't help. It also seems to leave you without a /etc/selinux/targeted/active/seusers file for some reason, such that semanage login -l shows nothing. But you can recover by copying /etc/selinux/targeted/seusers to /etc/selinux/targeted/active/seusers. That's a bug.
Interesting. Thanks for spotting this.
Also what does this output show
ps -aelfZ | grep -i ssh
On Fri, Dec 1, 2017 at 1:49 AM, Dominick Grift <dac.override@gmail.com> wrote:
On Thu, Nov 30, 2017 at 11:10:43AM +0530, Aman Sharma wrote:
Hi Stephen,
After resetting the SELinux targeted folder also (the steps you mentioned in the earlier mail), it's still showing the same id context, i.e.

id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_t:s0-s0:c0.c1023
[root@cucm2 ~]# id -Z
system_u:system_r:unconfined_t:s0-s0:c0.c1023

And semanage login -l is showing blank output.
Do you have any idea about this?
Thanks
Aman
Try the same procedure again but this time also do before reinstalling:
mv /var/lib/selinux/targeted /var/lib/selinux/targeted.old
On Wed, Nov 29, 2017 at 11:04 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> On Wed, 2017-11-29 at 22:01 +0530, Aman Sharma wrote:
> > After resetting boolean also, showing the same id context.
>
> And did you try fully resetting your policy as I suggested:
> mv /etc/selinux/targeted /etc/selinux/targeted.old
> yum reinstall selinux-policy-targeted
> reboot
>
> > On Wed, Nov 29, 2017 at 9:50 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > > On Wed, 2017-11-29 at 21:39 +0530, Aman Sharma wrote:
> > > > Hi Stephen,
> > > >
> > > > After enabling the unconfined module and after reboot also, Still
> > > > showing the same id context.
> > > >
> > > > Is there any way to make the id context to normal state again ?
> > >
> > > Hmmm...try resetting all booleans too? semanage boolean -D
> > >
> > > Or you could be drastic and completely reset your policy:
> > > mv /etc/selinux/targeted /etc/selinux/targeted.old
> > > yum reinstall selinux-policy-targeted
> >
> > --
> > Thanks
> > Aman
> > Cell: +91 9990296404 | Email ID : amansh.sharma5@gmail.com
--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
-- Simon Sekidde gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
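
An added example, not part of the thread and not written by any of its participants: a diagnostic that compares the SELinux user a login is mapped to in seusers with the user field of the context that id -Z reports, and flags the missing active/seusers state mentioned above. The function names, the verdict strings and the assumption that seusers lines have the form login:seuser:range are this example's own; the sample data is constructed from the output quoted in the thread.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Assumes seusers lines look like
#   login:seuser:mls-range     e.g. root:unconfined_u:s0-s0:c0.c1023

# Print the SELinux user mapped to a login, falling back to __default__.
seuser_for_login() {            # usage: seuser_for_login <seusers-file> <login>
    awk -F: -v login="$2" '
        /^[ \t]*(#|$)/      { next }             # skip comments and blank lines
        $1 == login         { hit = $2 }
        $1 == "__default__" { def = $2 }
        END { if (hit != "") print hit; else if (def != "") print def; else exit 1 }
    ' "$1"
}

# Compare the user field of a context (as printed by id -Z) with the mapping.
# Prints a one-line verdict; returns 0 ok, 1 mismatch, 2 mapping unavailable.
check_login_context() {         # usage: check_login_context <policy-dir> <login> <context>
    local dir="$1" login="$2" context="$3" expected actual
    if [ ! -f "$dir/active/seusers" ]; then
        # State reported in the thread after the policy reinstall.
        if [ -f "$dir/seusers" ]; then echo "missing-active-seusers"
        else echo "no-seusers"; fi
        return 2
    fi
    expected=$(seuser_for_login "$dir/active/seusers" "$login") \
        || { echo "no-mapping"; return 2; }
    actual=${context%%:*}       # first colon-separated field is the SELinux user
    if [ "$expected" = "$actual" ]; then
        echo "ok"
    else
        echo "mismatch expected=$expected actual=$actual"
        return 1
    fi
}

# Demo on constructed data modelled on the output quoted in the thread.
demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/active"
    printf '%s\n' '__default__:unconfined_u:s0-s0:c0.c1023' \
        'root:unconfined_u:s0-s0:c0.c1023' \
        'system_u:system_u:s0-s0:c0.c1023' > "$d/active/seusers"
    check_login_context "$d" root 'system_u:system_r:unconfined_t:s0-s0:c0.c1023'
    rm -rf "$d"
}
demo || true
```

On a live system the call would be check_login_context /etc/selinux/targeted "$(id -un)" "$(id -Z)"; a mismatch only shows that the session did not get the mapped user, not why.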