Hi All,
Thanks for the information.
But after resetting the semanage User/login, moving the targeted folder
to the old one, and then installing the default target, it's still showing
the Id context as context=system_u:system_r:unconfined_t:s0-s0:c0.c1023.
What I observed is that after changing the permission using the semanage command
also, it's still showing the system_u:system_r.
Check the semanage login/User output:

semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *

semanage user -l

                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range          SELinux Roles

guest_u         user       s0         s0                 guest_r
root            user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r unconfined_r
sysadm_u        user       s0         s0-s0:c0.c1023     sysadm_r
system_u        user       s0         s0-s0:c0.c1023     system_r unconfined_r
unconfined_u    user       s0         s0-s0:c0.c1023     system_r unconfined_r
user_u          user       s0         s0                 user_r
xguest_u        user       s0         s0                 xguest_r

Looks like it's related to some other issue. What do you think about this?
Thanks
Aman
On Sat, Dec 2, 2017 at 1:05 AM, Simon Sekidde <ssekidde at redhat.com>
wrote:
>
>
> ----- Original Message -----
> > From: "Stephen Smalley" <sds at tycho.nsa.gov>
> > To: "Simon Sekidde" <ssekidde at redhat.com>, "Aman Sharma" <amansh.sharma5 at gmail.com>
> > Cc: "SELinux" <selinux at tycho.nsa.gov>
> > Sent: Friday, December 1, 2017 2:28:17 PM
> > Subject: Re: Qwery regarding Selinux Change Id context
> >
> > On Fri, 2017-12-01 at 14:16 -0500, Simon Sekidde wrote:
> > >
> > > ----- Original Message -----
> > > > From: "Aman Sharma" <amansh.sharma5 at gmail.com>
> > > > To: "SELinux" <selinux at tycho.nsa.gov>
> > > > Sent: Thursday, November 30, 2017 11:26:21 PM
> > > > Subject: Re: Fwd: Qwery regarding Selinux Change Id context
> > > >
> > > > Hi ,
> > > >
> > > > mv /var/lib/selinux/targeted /var/lib/selinux/targeted.old
> > > >
> > > > This targeted folder is not there.
> > > >
> > > > After searching I got the below result :
> > > >
> > > > find / -type d -name "*targeted" -print
> > > >
> > > > /usr/share/selinux/targeted
> > > > /etc/selinux/targeted
> > > >
> > > > Please let me know your comments.
> > > >
> > >
> > > Run
> > >
> > > mv /etc/selinux/targeted /etc/selinux/targeted.old
> > > yum reinstall selinux-policy-targeted
> >
> > He already tried that and it allegedly didn't help. It also seems to
> > leave you without a /etc/selinux/targeted/active/seusers file for some
> > reason, such that semanage login -l shows nothing. But you can recover
> > by copying /etc/selinux/targeted/seusers to
> > /etc/selinux/targeted/active/seusers. That's a bug.
> >
>
> Interesting. Thanks for spotting this.
>
> > >
> > > Also what does this output show
> > >
> > > ps -aelfZ | grep -i ssh
> > >
> > > >
> > > > On Fri, Dec 1, 2017 at 1:49 AM, Dominick Grift <dac.override at gmail.com>
> > > > wrote:
> > > >
> > > > > On Thu, Nov 30, 2017 at 11:10:43AM +0530, Aman Sharma wrote:
> > > > > > Hi Stephen,
> > > > > >
> > > > > > After resetting Selinux targeted folder also (the steps you
> > > > > > mentioned in the earlier mail), still it's showing the same Id
> > > > > > context i.e.
> > > > > >
> > > > > > id
> > > > > > uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_t:s0-s0:c0.c1023
> > > > > > [root at cucm2 ~]# id -Z
> > > > > > system_u:system_r:unconfined_t:s0-s0:c0.c1023
> > > > > >
> > > > > > And semanage login -l is showing blank output.
> > > > > >
> > > > > > Do you have any idea about this?
> > > > > >
> > > > > > Thanks
> > > > > > Aman
> > > > >
> > > > > Try the same procedure again but this time also do before
> > > > > reinstalling:
> > > > >
> > > > > mv /var/lib/selinux/targeted /var/lib/selinux/targeted.old
> > > > >
> > > > > >
> > > > > >
> > > > > > On Wed, Nov 29, 2017 at 11:04 PM, Stephen Smalley <sds at tycho.nsa.gov>
> > > > > > wrote:
> > > > > >
> > > > > > > On Wed, 2017-11-29 at 22:01 +0530, Aman Sharma wrote:
> > > > > > > > After resetting boolean also, showing the same id context.
> > > > > > >
> > > > > > > And did you try fully resetting your policy as I suggested:
> > > > > > > mv /etc/selinux/targeted /etc/selinux/targeted.old
> > > > > > > yum reinstall selinux-policy-targeted
> > > > > > > reboot
> > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > On Wed, Nov 29, 2017 at 9:50 PM, Stephen Smalley <sds at tycho.nsa.gov>
> > > > > > > > wrote:
> > > > > > > > > On Wed, 2017-11-29 at 21:39 +0530, Aman Sharma wrote:
> > > > > > > > > > Hi Stephen,
> > > > > > > > > >
> > > > > > > > > > After enabling the unconfined module and after reboot
> > > > > > > > > > also, Still showing the same id context.
> > > > > > > > > >
> > > > > > > > > > Is there any way to make the id context to normal state
> > > > > > > > > > again ?
> > > > > > > > >
> > > > > > > > > Hmmm...try resetting all booleans too? semanage boolean -D
> > > > > > > > >
> > > > > > > > > Or you could be drastic and completely reset your policy:
> > > > > > > > > mv /etc/selinux/targeted /etc/selinux/targeted.old
> > > > > > > > > yum reinstall selinux-policy-targeted
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > > Aman
> > > > > > > > Cell: +91 9990296404 | Email ID : amansh.sharma5 at gmail.com
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > Thanks
> > > > > > Aman
> > > > > > Cell: +91 9990296404 | Email ID : amansh.sharma5 at gmail.com
> > > > >
> > > > > --
> > > > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
> > > > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
> > > > > Dominick Grift
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > >
> > > > Thanks
> > > > Aman
> > > > Cell: +91 9990296404 | Email ID : amansh.sharma5 at gmail.com
> > > >
> > >
> > >
> >
>
> --
> Simon Sekidde
> gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
>
>
>
--
Thanks
Aman
Cell: +91 9990296404 | Email ID : amansh.sharma5 at gmail.com
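
A check for the symptom discussed in this thread, added here as an example and not taken from any poster's message: it compares the SELinux user in an `id -Z` context with what a seusers file maps the login to, and reports an empty or missing mapping separately. The function names and the sample seusers text are constructed for illustration; `%group` entries are not handled.

```shell
#!/bin/sh
# Constructed sample of a seusers file (login:seuser:range), mirroring the
# `semanage login -l` mappings quoted in the thread.
SAMPLE_SEUSERS='# constructed sample
__default__:unconfined_u:s0-s0:c0.c1023
root:unconfined_u:s0-s0:c0.c1023
system_u:system_u:s0-s0:c0.c1023'

# seuser_for LOGIN SEUSERS_TEXT
# Print "seuser range" for LOGIN, falling back to __default__.
# Exits non-zero when neither entry exists (e.g. an empty seusers file).
seuser_for() {
    printf '%s\n' "$2" | awk -F: -v login="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blanks
        {
            # The MLS range itself contains ":", so rejoin fields 3..NF.
            range = ""
            for (i = 3; i <= NF; i++) range = range (i > 3 ? ":" : "") $i
            if ($1 == login)              hit = $2 " " range
            else if ($1 == "__default__") def = $2 " " range
        }
        END {
            if (hit != "")      print hit
            else if (def != "") print def
            else                exit 1
        }'
}

# check_login_context LOGIN CONTEXT SEUSERS_TEXT
# Returns 0 when the context's SELinux user matches the mapping,
# 1 on mismatch, 2 when no mapping can be found at all.
check_login_context() {
    mapping=$(seuser_for "$1" "$3") || { echo "NO-MAPPING $1"; return 2; }
    expected=${mapping%% *}   # seuser part of "seuser range"
    actual=${2%%:*}           # first field of user:role:type:range
    if [ "$expected" = "$actual" ]; then
        echo "OK $1 -> $actual"
    else
        echo "MISMATCH $1: seusers maps to $expected, process runs as $actual"
        return 1
    fi
}
```

On a live system the same function can be fed `"$(id -un)"`, `"$(id -Z)"` and the contents of /etc/selinux/targeted/active/seusers.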