Ok, I thought this was a known issue but I can't seem to find it mentioned anywhere. I have a F9 system that "su" and "sudo" don't work on. I noticed that my context was user_u rather than unconfined_u: Login on the console as cra: [cra@system 20:25:34 /home/cra]>id uid=10002(cra) gid=10002(cra) groups=1000(netops),2011(mirror),10002(cra) context=user_u:user_r:user_t:s0 [cra@system 20:25:36 /home/cra]>su /bin/su: Permission denied. [cra@system 20:25:37 /home/cra]>sudo sudo: setresuid(ROOT_UID, 1, ROOT_UID): Operation not permitted So I tried to go in as root and fix the context like this: Login on the console as root: [root@system ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 22 Policy from config file: targeted [root@system ~]# setenforce 0 [root@system ~]# semanage login -l Login Name SELinux User MLS/MCS Range __default__ unconfined_u s0 root root s0-s0:c0.c1023 system_u system_u s0-s0:c0.c1023 [root@system ~]# semanage login -m -s unconfined_u root libsemanage.validate_handler: selinux user unconfined_u does not exist (No such file or directory). libsemanage.validate_handler: seuser mapping [root -> (unconfined_u, s0-s0:c0.c1023)] is invalid (No such file or directory). libsemanage.dbase_llist_iterate: could not iterate over records (No such file or directory). /usr/sbin/semanage: Could not modify login mapping for root [root@system ~]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 22 Policy from config file: targeted [root@system ~]# setenforce 1 [root@system ~]# exit But it didn't work as you can see. I'm running these versions: kernel-2.6.25.4-30.fc9.x86_64 selinux-policy-targeted-3.3.1-64.fc9.noarch Can someone please help? Thanks. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
