On 02/20/2014 04:44 PM, Andy Ruch wrote:
> On Thursday, February 20, 2014 2:36 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>> On 02/20/2014 03:46 PM, Andy Ruch wrote:
>>> On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>>>> On 02/19/2014 11:56 AM, Andy Ruch wrote:
>>>>> Hello,
>>>>>
>>>>> I have a policy that was originally written for RHEL 6.2. I’m now
>>>>> trying to upgrade to RHEL 6.5 and I’m having problems with semanage. I
>>>>> can install a fresh RHEL 6.5 system with the targeted policy and
>>>>> everything works fine. I then uninstall the targeted policy and install
>>>>> my policy and I can’t link the linux user and selinux user.
>>>>>
>>>>>     semanage user -a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 testuser_u
>>>>>     useradd -G wheel testuser
>>>>>     semanage login -a -r s0-s0:c0.c1023 -s testuser_u testuser
>>>>>
>>>>> libsemanage.dbase_llist_query: could not query record value
>>>>> /usr/sbin/semanage: Could not query user for testuser
>>>>>
>>>>> I have the RHEL 6.5 source code for libsemanage and the targeted policy
>>>>> but so far I haven't been able to find differences that would affect
>>>>> this problem. Could someone please point me in the right direction as
>>>>> far as what semanage is expecting? What would prevent libsemanage from
>>>>> querying for the user?
>>>>>
>>>>> Thanks,
>>>>> Andy
>>>>>
>>>>> --
>>>>> selinux mailing list
>>>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>
>>>> What do semanage login -l and semanage user -l show?
>>>
>>> semanage user -l shows:
>>>
>>>                 Labeling   MLS/       MLS/
>>> SELinux User    Prefix     MCS Level  MCS Range         SELinux Roles
>>>
>>> root            user       s0         s0-s0:c0.c1023    system_r
>>> system_u        user       s0         s0-s0:c0.c1023    system_r
>>> testuser_u      user       s0         s0-s0:c0.c1023    staff_r sysadm_r
>>> user_u          user       s0         s0                user_r
>>>
>>> semanage login -l shows:
>>>
>>> Login Name      SELinux User    MLS/MCS Range
>>>
>>> root            root            s0-s0:c0.c1023
>>> system_u        system_u        s0-s0:c0.c1023
>>
>> And the testuser exists in /etc/passwd?
>
> Yes. The commands "semanage user -a" and "useradd" appear to work fine.
> It's the "semanage login -a" that has trouble.

And this is with the stock policycoreutils or a rebuilt one?