Until a few days ago, my Fedora 29 Atomic host was working
perfectly with SELinux enforced. The server is only a few weeks old with
nothing fancy yet set or installed.
I recently changed my user (gabx) context from the default unconfined to
sysadm_u and ran restorecon.
Here is what I did:
Fresh after install:
--------------------------------------------------
# semanage login -l
Login Name           SELinux User         MLS/MCS Range
__default__          unconfined_u         s0-s0:c0.c1023
root                 unconfined_u         s0-s0:c0.c1023
gabx                 unconfined_u         s0-s0:c0.c1023
--------------------------------
Then:
# semanage login -m -s sysadm_u --range s0-s0.c0.c1023
# semanage login -l
gabx sysadm_u s0-s0:c0.c1023 *
# restorecon -RF /hone/gabx
# ls -alZ /home/gabx
drwxrwxr-x. 5 gabx gabx sysadm_u:object_r:config_home_t:s0 61 Aug 17 14:42 .config/
drwxrwxr-x. 2 gabx gabx sysadm_u:object_r:user_home_t:s0 6 Aug 21 14:09 hugo/
....
# vim /etc/sudoers.d/gabx
gabx ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r /bin/sh
This change may be the root of the problem. I
ran a certbot-letsencrypt container which changed a few file
contexts (container_t): did it maybe break a few things?
I can't load modules.
With the help of ausearch and journalctl, I can identify SELinux messages and I can write a myapp.pp module. But then:
-----------------------------------
# semodule -i myapp.pp
semodule: Failed on myapp.pp!
-------------------------------