Re: Wrong context for user

Hi Sam,

Sorry I couldn't reply to you earlier, and the issue still remains.

I checked failsafe_context, and it was 'sysadm_r:syadm_t', and when I changed it to
'system_r:initrc_t' as you said, it didn't have any effect.


Regards,
Madhu

On Fri, Jun 24, 2011 at 5:26 PM, Sam Gandhi <samgandhi9@xxxxxxxxx> wrote:
On Fri, Jun 24, 2011 at 8:50 AM, c.r.madhusudhanan@xxxxxxxxx
> [root@localhost utils]# ./getconlist user_u
> user_u:user_r:consoletype_t
> [root@localhost utils]# ./getconlist root
> root:sysadm_r:sysadm_t
>
> [root@localhost utils]# ./getseuser meego
> seuser:  user_u, level (null)
> Context 0       user_u:user_r:consoletype_t
> [root@localhost utils]# ./getseuser root
> seuser:  root, level (null)
> Context 0       root:sysadm_r:sysadm_t
> (I don't know, but getseuser didn't work until I changed the code
> if (argc != 2).)
>

My guess is it is picking up the context from the
/etc/selinux/<context>/contexts/failsafe_context file.
Does your failsafe_context file have the string system_r:unconfined_t in
it? For experimental purposes, if you change it to system_r:initrc_t you
will notice that your login session has a context of
root:system_r:initrc_t.

Now I don't know SELinux well enough to know if changing the
failsafe_context file is the correct thing to do. You could run getseuser
through strace and see all the configuration files it examines.

One thing you will notice is that the SELinux user libraries read & write
various files in /selinux/, but I haven't found a description of how the
interface for /selinux/XXX is supposed to work.


> On Fri, Jun 24, 2011 at 3:09 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>>
>> On Fri, 2011-06-24 at 14:52 +0000, c.r.madhusudhanan@xxxxxxxxx wrote:
>> > attached for your reference.
>>
>> What do the libselinux/utils say, e.g.:
>> cd libselinux/utils
>> ./getconlist user_u system_u:system_r:local_login_t
>> ./getseuser root system_u:system_r:local_login_t
>>
>> --
>> Stephen Smalley
>> National Security Agency
>>
>
>

-Sam

