Re: Login Identities not applied when logging in...

Lisa R. wrote:
> Hello again.
> 
> I realized that I need to run a restorecon after I semanage fcontext so that resolved my labeling issue.
> 
> However, I still have a problem with my logins.  They aren't being applied when I login.
> 
> When I semanage user -l as root I see my custom "selinux user" associated with the custom label.
> 
> When I semanage login -l as root I see my custom "selinux user" associated with the "login name" that I created with adduser.
> 
> However, when I login and run id -Z as my new user I see the default security context set when I created the user under root.
> 
> All I am trying to do is apply a new login to one of my users but it won't take.
> 
> I tried a reboot...
> 
> Did I break something or do I need to apply something?
> 
> This worked the other day without a problem (likely story but it did).
>
If you want to change the default context that the root user logs in
with, you will need to edit /etc/selinux/*/contexts/users/root

> Thanks,
> Lisa
> j
> 
> ---- "Lisa R." <lraykow@xxxxxxx> wrote: 
>> Hello.
>>
>> I am on a Debian Etch box with SELinux in permissive mode.  I am using the Strict policy.
>>
>> Of course I have no problem adding a user with something like:
>> useradd -c "SE Linux test user 1" -m -d /home/setest_1 -g users -s /bin/bash -u 1005 setest_1
>>
>> I then create a new SElinux user group:
>> semanage user -a -R 'user_r' -P selinuxtest selinuxtest_u
>>
>> Finally I create the login for setest_1:
>> semanage login -a -s selinuxtest_u setest_1
>>
>> ***I am doing this for example purposes***
>>
>> The other day this all worked great. I verified by logging in as setest_1 and ensuring the security context showed selinuxtest_u.
>>
>> However, later I created a very small policy module and added a new type mysetype_t.
>>
>> I created the .pp file with make -c Makefile
>> I installed the .pp file with semodule -i mymodule.pp
>>
>> I applied that type to everything under the /lisa directory with:
>> semanage fcontext -a -t mysetype_t "/lisa(/.*)?"
>>
>> I verified the type was applied with ls -Z.
>>
>> So no problems yet...
>>
>> Today when I login as setest_1 the security context is that of what it defaults to when root creates the user.  The login I applied the other day is gone.
>>
>> HOWEVER, if I do a semanage user -l and semanage login -l everything looks as it should. I see that the login for setest_1 is selinuxtest_u.
>>
>> I tried to semanage fcontext -a -t mysetype_t "/somedirectory(/.*)?"
>> and that didn't work either.
>>
>> HOWEVER, I did a restorecon on each individual file and that seemed to work.  
>>
>> What is going on or how do I "restorecon" my logins so I can see any new logins I applied?
>>
>> Thanks,
>> Lisa
>>
>>
>>
>>
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
>> the words "unsubscribe selinux" without quotes as the message.


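A check for the symptom described in this thread, added here as an example and not taken from either poster's message: it compares the SELinux user that `semanage login -l` maps a login to with the user field of the context that `id -Z` reports in that login's session. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic example; function names and sample data are constructed.

# Print the SELinux user that a `semanage login -l` listing ($2) maps login $1
# to, falling back to the __default__ row when the login has no row of its own.
mapped_seuser() {
    printf '%s\n' "$2" | awk -v login="$1" '
        $1 == login         { own = $2 }
        $1 == "__default__" { def = $2 }
        END {
            if (own != "")      print own
            else if (def != "") print def
            else                exit 1
        }'
}

# Print the user field (text before the first colon) of a security context.
context_user() {
    printf '%s\n' "${1%%:*}"
}

# Returns 0 when the session context matches the mapping, 1 on mismatch,
# 2 when the listing has neither a row for the login nor a __default__ row.
check_login() {
    login=$1 listing=$2 context=$3
    want=$(mapped_seuser "$login" "$listing") || { echo "no mapping for $login"; return 2; }
    got=$(context_user "$context")
    if [ "$want" = "$got" ]; then
        echo "OK: $login logs in as $got"
    else
        echo "MISMATCH: $login is mapped to $want but the session runs as $got"
        return 1
    fi
}

# Constructed sample of `semanage login -l` output (not captured from a real host).
SAMPLE_LISTING='Login Name                SELinux User

__default__               user_u
root                      root
setest_1                  selinuxtest_u'

# On a live system, capture the listing as root and the context in the user's
# own session, then: check_login setest_1 "$listing" "$context"
```

A mismatch confirms that the mapping exists in the policy store but is not being honoured at login time, which is the situation the original poster reports.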
