levels in targeted mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am using RHEL5 with SELINUXTYPE=targeted in enforcing mode.

If I ssh as root to that host, id -Z reports
        root:system_r:unconfined_t:SystemLow-SystemHigh
which includes a level.

If I ssh as a user to that same host, id -Z reports
        user_u:system_r:unconfined_t
which does not include a level.

As that user, If I su -, id -z reports
        user_u:system_r:unconfined_t

If I then execute:
        newrole -l SystemLow-SystemHigh
I get an error:
        Error: you are not allowed to change levels on a non secure terminal

I get the same behavior from sudo bash.


Questions:
1: Does root's SystemLow-SystemHigh level actually mean anything in targeted mode?
2: Why does newrole consider the ssh terminal insecure, when ssh as root will give me the "full level"?
3: Is there a way to get from not having a level to SystemLow-SystemHigh?



Thanks
Brian



--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux