On 20 Aug 2016 08:56, "Kashif ali" <kashif.ali.9498@xxxxxxxxx> wrote:
>
> Hi
> * I'm facing a problem while changing the context of root user in selinux, Selinux is in enforced and targeted policy. By default Selinux assign user =>"unconfined_u:unconfiend_r:unconfined_t:"
> context for the user i have changed the selinux mapped root user "unconifined_u" into "system_u" for root user with the help of command
> =>"semanage login -a -s system_u root"
> after executing this command the root user context is changed into "system_u:unconfined_r:unconfined_t:".
Don't do this. System_u is not able to login. System_u is for daemon's. Root is in sysadm_r or unconfined_r usually.
> * Now i have changed the root user role and domain type so i execute this command
> =>"newrole -r system_r -t initrc_t:"
> and change the root user context into "system_u:system_r:initrc_t:" but this change is temporary after rebooting the system the context of root user is changed back to "system_u:unconfined_r:unconfined_t:"
>
> * what i need is to change the root user context permanently into "system_u:system_r:initrc_t:".
Why permanently? This will probably break a lot of things. What are you trying to accomplish with making it permanent?
If you need to run a command as initrc_t, use run_init in front. Eg:
# run_init /etc/init.d/sshd restart
This will first switch to system_u:system_r:initrc_t and then run ssh which will automatically transition to sshd_t
-- Jason
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
