Re: semanage error when upgrading to RHEL 6.5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 







> On Thursday, February 20, 2014 3:23 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 02/20/2014 04:44 PM, Andy Ruch wrote:
>> 
>> 
>> 
>> 
>> 
>>>  On Thursday, February 20, 2014 2:36 PM, Daniel J Walsh
>>>  <dwalsh@xxxxxxxxxx> wrote:
>>>>  -----BEGIN PGP SIGNED MESSAGE-----
>>>  Hash: SHA1
>>> 
>>>  On 02/20/2014 03:46 PM, Andy Ruch wrote:
>>>> 
>>>> 
>>>> 
>>>> 
>>>>  On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh
>>>  <dwalsh@xxxxxxxxxx>
>>>>  wrote:
>>>> 
>>>>  -----BEGIN PGP SIGNED MESSAGE-----
>>>>>  Hash: SHA1
>>>>> 
>>>>> 
>>>>>  On 02/19/2014 11:56 AM, Andy Ruch wrote:
>>>>>>  Hello,
>>>>>> 
>>>>>>  I have a policy that was originally written for RHEL 6.2. 
> I’m now 
>>>>>>  trying to upgrade to RHEL 6.5 and I’m having problems with
>>>  semanage. I
>>>>>>  can install a fresh RHEL 6.5 system with the targeted 
> policy and 
>>>>>>  everything works fine. I then uninstall the targeted policy 
> and
>>>  install
>>>>>>  my policy and I can’t link the linux user and selinux user.
>>>>>> 
>>>>>>>>  semanage user –a -R sysadm_r -R staff_r -r 
> s0-s0:c0.c1023 
>>>>>>>>  testuser_u useradd -G wheel testuser semanage login 
> -a -r 
>>>>>>>>  s0-s0:c0.c1023 -s testuser_u testuser
>>>>>>  libsemanage.dbase_llist_query: could not query record value 
> 
>>>>>>  /usr/sbin/semanage: Could not query user for testuser
>>>>>> 
>>>>>> 
>>>>>>  I have the RHEL 6.5 source code for libsemanage and the 
> targeted
>>>  policy
>>>>>>  but so far I haven't been able to find differences that 
> would
>>>  affect
>>>>>>  this problem. Could someone please point me in the right 
> direction
>>>>>> 
>>>  as
>>>>>>  far as what semanage is expecting?  What would prevent 
> libsemanage
>>>>>> 
>>>  from
>>>>>>  querying for the user?
>>>>>> 
>>>>>>  Thanks, Andy
>>>>>> 
>>>>>> 
>>>>>>  -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
>>>>>>  https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>>> 
>>>>>  What does semanage login -l and semanage user -l show? 
> -----BEGIN
>>>>>  PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with
>>>>>  Thunderbird
>>>  -
>>>>>  http://www.enigmail.net/
>>>>> 
>>>>> 
> iEYEARECAAYFAlMGZ6gACgkQrlYvE4MpobPPDACfZf1lDin/LicVoZbykbsMS2rX 
>>>>>  OuoAoIIa11SrGGVgJiFblx4aCFjPWF9o =iiCj -----END PGP 
> SIGNATURE-----
>>>>> 
>>>> 
>>>>  semanage user -l shows:
>>>> 
>>>> 
>>>>  Labeling   MLS/       MLS/ SELinux User    Prefix     MCS Level  
> MCS
>>>>  Range SELinux Roles
>>>> 
>>>>  root            user       s0         s0-s0:c0.c1023 system_r 
> system_u
>>>>  user       s0         s0-s0:c0.c1023 system_r testuser_u      user
>>>>  s0         s0-s0:c0.c1023 staff_r sysadm_r user_u          user
>>>>  s0         s0 user_r
>>>> 
>>>> 
>>>> 
>>>>  semanage login -l shows:
>>>> 
>>>> 
>>>>  Login Name                SELinux User              MLS/MCS Range
>>>> 
>>>> 
>>>>  root                      root                      s0-s0:c0.c1023 
>>>>  system_u                  system_u                  s0-s0:c0.c1023 
> --
>>>>  selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
>>>>  https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>> 
>>>> 
>>>  And the testuser exists in /etc/passwd? -----BEGIN PGP SIGNATURE----- 
>>>  Version: GnuPG v1 Comment: Using GnuPG with Thunderbird -
>>>  http://www.enigmail.net/
>>> 
>>>  iEYEARECAAYFAlMGdVYACgkQrlYvE4MpobPSyQCgkQxSuJh2rUYvkDcNjCo2aeai 
>>>  DugAniPjTv6IbODBn+ADnsIPdpf1M55a =TUJs
>>> 
>>>  -----END PGP SIGNATURE-----
>>> 
>> 
>> 
>>  Yes. The commands "semanage user -a" and "useradd" 
> appear to work fine.
>>  It's the "semanage login -a" that has trouble.
>> 
> And this is with the stock policycoreutils or a rebuilt one?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iEYEARECAAYFAlMGgHUACgkQrlYvE4MpobOltACgqKw0AFB/7VRzT08hJRTh5A2v
> i1EAn1oG1gBOGN9R3npTRx7aMdR0fV5H
> =gXXZ
> 
> -----END PGP SIGNATURE-----
>

Stock. Fresh install from RHEL 6.5 image. Then I remove the selinux-policy and selinux-policy-targeted RPMs and add my policy RPMs.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux