-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/18/2012 02:25 PM, Radha Venkatesh (radvenka) wrote: > Dan, > > No, we have not set up /etc/selinux/strict/contexts/users/specialuser_u (we > are using strict policy). > > > But, it should fall back to the > /etc/selinux/strict/contexts/default_contexts then. Would that not work? > The defaults_contexts looks like this > > system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0 system_r:local_login_t:s0 > staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 > system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 > system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 > sysadm_r:sysadm_t:s0 system_r:crond_t:s0 user_r:user_crond_t:s0 > staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 > system_r:system_crond_t:s0 mailman_r:user_crond_t:s0 system_r:xdm_t:s0 > staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 > staff_r:staff_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 > sysadm_r:sysadm_t:s0 sysadm_r:sysadm_su_t:s0 staff_r:staff_t:s0 > user_r:user_t:s0 sysadm_r:sysadm_t:s0 user_r:user_su_t:s0 > staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0 > sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0 > staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 > user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0 > > Thanks, Radha. > > -----Original Message----- From: Daniel J Walsh [mailto:dwalsh@xxxxxxxxxx] > Sent: Thursday, October 18, 2012 10:43 AM To: Radha Venkatesh (radvenka) > Cc: selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: pam_selinux(sshd:session): > Error! Unable to set executable context > > On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote: > > >> We have an selinux user specialuser_u defined. The outputs of the >> semanage command are as seen below > > > >> semanager user –l > > > >> admin_u user s0 SystemLow-SystemHigh system_r >> sysadm_r > >> guest_u guest s0 s0 guest_r > >> remotesupport_u user s0 SystemLow-SystemHigh system_r >> sysadm_r > >> root sysadm s0 SystemLow-SystemHigh system_r >> sysadm_r > >> specialuser_u user s0 s0 system_r sysadm_r > >> staff_u staff s0 SystemLow-SystemHigh sysadm_r >> staff_r > >> sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r > >> system_u user s0 SystemLow-SystemHigh system_r > > > > I have no idea what the random chars are, but did you setup a > /etc/selinux/targeted/contexts/users/specialuser_u file? > > Yes you are right. One curious thing, you say you are logging in as specialuser_u, but your log shows. ialuser_u:sysadm_r:sysadm_t Which seems strange. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCAVxcACgkQrlYvE4MpobPmDACguivHu5/cVuxU9q63EPA6o0ty 3/4AoJ1kE3Wrzgx8DV5MUWpvi9KCm14F =j/df -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
