Re: semanage error when upgrading to RHEL 6.5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/20/2014 04:44 PM, Andy Ruch wrote:
> 
> 
> 
> 
> 
>> On Thursday, February 20, 2014 2:36 PM, Daniel J Walsh
>> <dwalsh@xxxxxxxxxx> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> On 02/20/2014 03:46 PM, Andy Ruch wrote:
>>> 
>>> 
>>> 
>>> 
>>> On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh
>> <dwalsh@xxxxxxxxxx>
>>> wrote:
>>> 
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>> 
>>>> 
>>>> On 02/19/2014 11:56 AM, Andy Ruch wrote:
>>>>> Hello,
>>>>> 
>>>>> I have a policy that was originally written for RHEL 6.2. I’m now 
>>>>> trying to upgrade to RHEL 6.5 and I’m having problems with
>> semanage. I
>>>>> can install a fresh RHEL 6.5 system with the targeted policy and 
>>>>> everything works fine. I then uninstall the targeted policy and
>> install
>>>>> my policy and I can’t link the linux user and selinux user.
>>>>> 
>>>>>>> semanage user –a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 
>>>>>>> testuser_u useradd -G wheel testuser semanage login -a -r 
>>>>>>> s0-s0:c0.c1023 -s testuser_u testuser
>>>>> libsemanage.dbase_llist_query: could not query record value 
>>>>> /usr/sbin/semanage: Could not query user for testuser
>>>>> 
>>>>> 
>>>>> I have the RHEL 6.5 source code for libsemanage and the targeted
>> policy
>>>>> but so far I haven't been able to find differences that would
>> affect
>>>>> this problem. Could someone please point me in the right direction
>>>>> 
>> as
>>>>> far as what semanage is expecting?  What would prevent libsemanage
>>>>> 
>> from
>>>>> querying for the user?
>>>>> 
>>>>> Thanks, Andy
>>>>> 
>>>>> 
>>>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>> 
>>>> What does semanage login -l and semanage user -l show? -----BEGIN
>>>> PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with
>>>> Thunderbird
>> -
>>>> http://www.enigmail.net/
>>>> 
>>>> iEYEARECAAYFAlMGZ6gACgkQrlYvE4MpobPPDACfZf1lDin/LicVoZbykbsMS2rX 
>>>> OuoAoIIa11SrGGVgJiFblx4aCFjPWF9o =iiCj -----END PGP SIGNATURE-----
>>>> 
>>> 
>>> semanage user -l shows:
>>> 
>>> 
>>> Labeling   MLS/       MLS/ SELinux User    Prefix     MCS Level  MCS
>>> Range SELinux Roles
>>> 
>>> root            user       s0         s0-s0:c0.c1023 system_r system_u
>>> user       s0         s0-s0:c0.c1023 system_r testuser_u      user
>>> s0         s0-s0:c0.c1023 staff_r sysadm_r user_u          user
>>> s0         s0 user_r
>>> 
>>> 
>>> 
>>> semanage login -l shows:
>>> 
>>> 
>>> Login Name                SELinux User              MLS/MCS Range
>>> 
>>> 
>>> root                      root                      s0-s0:c0.c1023 
>>> system_u                  system_u                  s0-s0:c0.c1023 --
>>> selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> 
>>> 
>> And the testuser exists in /etc/passwd? -----BEGIN PGP SIGNATURE----- 
>> Version: GnuPG v1 Comment: Using GnuPG with Thunderbird -
>> http://www.enigmail.net/
>> 
>> iEYEARECAAYFAlMGdVYACgkQrlYvE4MpobPSyQCgkQxSuJh2rUYvkDcNjCo2aeai 
>> DugAniPjTv6IbODBn+ADnsIPdpf1M55a =TUJs
>> 
>> -----END PGP SIGNATURE-----
>> 
> 
> 
> Yes. The commands "semanage user -a" and "useradd" appear to work fine.
> It's the "semanage login -a" that has trouble.
> 
And this is with the stock policycoreutils or a rebuilt one?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlMGgHUACgkQrlYvE4MpobOltACgqKw0AFB/7VRzT08hJRTh5A2v
i1EAn1oG1gBOGN9R3npTRx7aMdR0fV5H
=gXXZ
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux