Preeti Malakar wrote:
Sir,
Can anyone explain the following result, why root has to change
the type along with role sysadm_r role . Why does it say "couldnt get
default type" in the first case
[root@pryber ~]# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
context=root:system_r:unconfined_t
[root@pryber ~]# id -Z
root:system_r:unconfined_t
[root@pryber ~]# grep ^role
/etc/selinux/targeted/src/policy/policy.conf | cut -f2 "-d " | sort -u
sysadm_r
system_r
user_r
[root@pryber ~]# newrole -r sysadm_r
Couldn't get default type.
[root@pryber ~]# newrole -r sysadm_r -t sysadm_t
Authenticating root.
Password:
[root@pryber ~]# id -Z
root:sysadm_r:unconfined_t
Because we don't really use roles in targeted policy. Newrole uses the
default_type file for discovering the default type for a particular role
in strict policy the file looks like:
> more /etc/selinux/strict/contexts/default_type
secadm_r:secadm_t
sysadm_r:sysadm_t
staff_r:staff_t
user_r:user_t
nurse_r:user_t
In targeted
> more /etc/selinux/targeted/contexts/default_type
system_r:unconfined_t
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
