Hi everybody,

I installed selinux-policy-targeted on my F11 and run it in enforcing mode.
Now I want to change the SELinux context of /tmp/test, but it failed. I
thought the current shell domain was unconfined_t. Then I intended to change my shell
context to root:sysadm_r:sysadm_t, but that also failed.
My project team plans to develop an SELinux policy for our system based on
selinux-policy.src.rpm. I guess this package has not been
developed? If it has been developed, why can't I change to sysadm_r:sysadm_t?
----------------------------------------------------------------------------
[root@localhost ~]# ls -lZ /tmp/testselinux
root root unconfined_u:object_r:user_t:user_tmp_t:s0 /tmp/testselinux
[root@localhost ~]# chcon unconfined_u:object_r:mytest_t /tmp/testselinux
chcon:failed to change context of '/tmp/testselinux' to 'unconfined_u:object_r:testselinux:s0 : permission denied
## Here mytest_t is defined in myapp.pp, which was successfully loaded by "semodule -i myapp.pp"
[root@localhost ~]# newrole -r sysadm_r -t sysadm_t
unconfined_u:unconfined_r:unconfined_t:s0 is not valid context
[root@localhost ~]# semanage login -m -s root -r s0-s0:c0.c1023 root
After reboot, the graphical terminal cannot run. Audit says that
system_u:system_r:xdm_t requires "read" permission for
system_u:object_r:httpd_sys_content_t.
[root@localhost ~]# id
context=root:unconfined_r:unconfined_t:s0-s0:c0-c1023
[root@localhost ~]# newrole -r sysadm_r -t sysadm_t
failed to exec shell: permission denied
2009-09-02
zheyeung
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list