> On Thursday, February 20, 2014 3:23 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/20/2014 04:44 PM, Andy Ruch wrote: >> >> >> >> >> >>> On Thursday, February 20, 2014 2:36 PM, Daniel J Walsh >>> <dwalsh@xxxxxxxxxx> wrote: >>>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On 02/20/2014 03:46 PM, Andy Ruch wrote: >>>> >>>> >>>> >>>> >>>> On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh >>> <dwalsh@xxxxxxxxxx> >>>> wrote: >>>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>> Hash: SHA1 >>>>> >>>>> >>>>> On 02/19/2014 11:56 AM, Andy Ruch wrote: >>>>>> Hello, >>>>>> >>>>>> I have a policy that was originally written for RHEL 6.2. > I’m now >>>>>> trying to upgrade to RHEL 6.5 and I’m having problems with >>> semanage. I >>>>>> can install a fresh RHEL 6.5 system with the targeted > policy and >>>>>> everything works fine. I then uninstall the targeted policy > and >>> install >>>>>> my policy and I can’t link the linux user and selinux user. >>>>>> >>>>>>>> semanage user –a -R sysadm_r -R staff_r -r > s0-s0:c0.c1023 >>>>>>>> testuser_u useradd -G wheel testuser semanage login > -a -r >>>>>>>> s0-s0:c0.c1023 -s testuser_u testuser >>>>>> libsemanage.dbase_llist_query: could not query record value > >>>>>> /usr/sbin/semanage: Could not query user for testuser >>>>>> >>>>>> >>>>>> I have the RHEL 6.5 source code for libsemanage and the > targeted >>> policy >>>>>> but so far I haven't been able to find differences that > would >>> affect >>>>>> this problem. Could someone please point me in the right > direction >>>>>> >>> as >>>>>> far as what semanage is expecting? What would prevent > libsemanage >>>>>> >>> from >>>>>> querying for the user? >>>>>> >>>>>> Thanks, Andy >>>>>> >>>>>> >>>>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>>>>> >>>>> What does semanage login -l and semanage user -l show? > -----BEGIN >>>>> PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with >>>>> Thunderbird >>> - >>>>> http://www.enigmail.net/ >>>>> >>>>> > iEYEARECAAYFAlMGZ6gACgkQrlYvE4MpobPPDACfZf1lDin/LicVoZbykbsMS2rX >>>>> OuoAoIIa11SrGGVgJiFblx4aCFjPWF9o =iiCj -----END PGP > SIGNATURE----- >>>>> >>>> >>>> semanage user -l shows: >>>> >>>> >>>> Labeling MLS/ MLS/ SELinux User Prefix MCS Level > MCS >>>> Range SELinux Roles >>>> >>>> root user s0 s0-s0:c0.c1023 system_r > system_u >>>> user s0 s0-s0:c0.c1023 system_r testuser_u user >>>> s0 s0-s0:c0.c1023 staff_r sysadm_r user_u user >>>> s0 s0 user_r >>>> >>>> >>>> >>>> semanage login -l shows: >>>> >>>> >>>> Login Name SELinux User MLS/MCS Range >>>> >>>> >>>> root root s0-s0:c0.c1023 >>>> system_u system_u s0-s0:c0.c1023 > -- >>>> selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >>>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>>> >>>> >>> And the testuser exists in /etc/passwd? -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - >>> http://www.enigmail.net/ >>> >>> iEYEARECAAYFAlMGdVYACgkQrlYvE4MpobPSyQCgkQxSuJh2rUYvkDcNjCo2aeai >>> DugAniPjTv6IbODBn+ADnsIPdpf1M55a =TUJs >>> >>> -----END PGP SIGNATURE----- >>> >> >> >> Yes. The commands "semanage user -a" and "useradd" > appear to work fine. >> It's the "semanage login -a" that has trouble. >> > And this is with the stock policycoreutils or a rebuilt one? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlMGgHUACgkQrlYvE4MpobOltACgqKw0AFB/7VRzT08hJRTh5A2v > i1EAn1oG1gBOGN9R3npTRx7aMdR0fV5H > =gXXZ > > -----END PGP SIGNATURE----- > Stock. Fresh install from RHEL 6.5 image. Then I remove the selinux-policy and selinux-policy-targeted RPMs and add my policy RPMs. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
