> On Thursday, February 20, 2014 2:36 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/20/2014 03:46 PM, Andy Ruch wrote: >> >> >> >> >> On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh > <dwalsh@xxxxxxxxxx> >> wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> On 02/19/2014 11:56 AM, Andy Ruch wrote: >>>> Hello, >>>> >>>> I have a policy that was originally written for RHEL 6.2. I’m now >>>> trying to upgrade to RHEL 6.5 and I’m having problems with > semanage. I >>>> can install a fresh RHEL 6.5 system with the targeted policy and >>>> everything works fine. I then uninstall the targeted policy and > install >>>> my policy and I can’t link the linux user and selinux user. >>>> >>>>>> semanage user –a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 >>>>>> testuser_u useradd -G wheel testuser semanage login -a -r >>>>>> s0-s0:c0.c1023 -s testuser_u testuser >>>> libsemanage.dbase_llist_query: could not query record value >>>> /usr/sbin/semanage: Could not query user for testuser >>>> >>>> >>>> I have the RHEL 6.5 source code for libsemanage and the targeted > policy >>>> but so far I haven't been able to find differences that would > affect >>>> this problem. Could someone please point me in the right direction > as >>>> far as what semanage is expecting? What would prevent libsemanage > from >>>> querying for the user? >>>> >>>> Thanks, Andy >>>> >>>> >>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >>>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>>> >>> What does semanage login -l and semanage user -l show? -----BEGIN PGP >>> SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird > - >>> http://www.enigmail.net/ >>> >>> iEYEARECAAYFAlMGZ6gACgkQrlYvE4MpobPPDACfZf1lDin/LicVoZbykbsMS2rX >>> OuoAoIIa11SrGGVgJiFblx4aCFjPWF9o =iiCj -----END PGP SIGNATURE----- >>> >> >> semanage user -l shows: >> >> >> Labeling MLS/ MLS/ SELinux User Prefix MCS Level MCS Range >> SELinux Roles >> >> root user s0 s0-s0:c0.c1023 >> system_r system_u user s0 s0-s0:c0.c1023 >> system_r testuser_u user s0 s0-s0:c0.c1023 >> staff_r sysadm_r user_u user s0 s0 >> user_r >> >> >> >> semanage login -l shows: >> >> >> Login Name SELinux User MLS/MCS Range >> >> >> root root s0-s0:c0.c1023 >> system_u system_u s0-s0:c0.c1023 >> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >> https://admin.fedoraproject.org/mailman/listinfo/selinux >> >> > And the testuser exists in /etc/passwd? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlMGdVYACgkQrlYvE4MpobPSyQCgkQxSuJh2rUYvkDcNjCo2aeai > DugAniPjTv6IbODBn+ADnsIPdpf1M55a > =TUJs > > -----END PGP SIGNATURE----- > Yes. The commands "semanage user -a" and "useradd" appear to work fine. It's the "semanage login -a" that has trouble. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
