----- Original Message ----- > From: "Aman Sharma" <amansh.sharma5@xxxxxxxxx> > To: "Ravi Kumar" <nxp.ravi@xxxxxxxxx> > Cc: "SELinux" <selinux@xxxxxxxxxxxxx> > Sent: Friday, November 24, 2017 2:09:05 AM > Subject: Re: Qwery regarding Selinux Change Id context > > Hi Ravi, > > Thanks for your reply but SSH and Sysadm_login is already enabled. > > Actually I need to change the root context > from*System_u:system_r:unconfined_t > to sysadm_u:sysadm_r or **unconfined_u:**unconfined_r**.* > > *I found one command (**runcon > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /bin/bash**) but that > command will not work after reboot . Is there any parmanent solution for > this.* > It should be unconfined by default if you are running policy in targeted mode # cat /etc/selinux/targeted/seusers root:unconfined_u:s0-s0:c0.c1023 system_u:system_u:s0-s0:c0.c1023 __default__:unconfined_u:s0-s0:c0.c1023 try something like `semanage login -m -s unconfined_u root; restorecon -RF /root` > On Fri, Nov 24, 2017 at 12:22 PM, Ravi Kumar <nxp.ravi@xxxxxxxxx> wrote: > > > Based on the config each type of login ( ssh ,shell ) will have it own > > role . if this is just for testing you can try setting the bool value if > > you are logging via ssh. > > > > setsebool -P ssh_sysadm_login 1 > > > > > > > > Regards, > > Ravi > > > > On Fri, Nov 24, 2017 at 10:47 AM, Aman Sharma <amansh.sharma5@xxxxxxxxx> > > wrote: > > > >> > >> > >> Hi All, > >> > >> Currently Working on Cent OS 7.3 and login as a root User and my Id > >> command output is : > >> > >> *id* > >> *uid=0(root) gid=0(root) groups=0(root) > >> context=system_u:system_r:unconfined_t:s0-s0:c0.c1023* > >> > >> I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r > >> or **unconfined_u:**unconfined_r**. * > >> > >> *Also showing the output of following command :* > >> > >> *semanage user -l* > >> > >> * Labeling MLS/ MLS/ * > >> *SELinux User Prefix MCS Level MCS Range > >> SELinux Roles* > >> > >> *admin_u user s0 s0-s0:c0.c1023 > >> sysadm_r system_r* > >> *guest_u user s0 s0 > >> guest_r* > >> *root user s0 s0-s0:c0.c1023 > >> staff_r sysadm_r* > >> *specialuser_u user s0 s0 > >> sysadm_r system_r* > >> *staff_u user s0 s0-s0:c0.c1023 > >> staff_r sysadm_r system_r* > >> *sysadm_u user s0 s0-s0:c0.c1023 > >> sysadm_r* > >> *system_u user s0 s0-s0:c0.c1023 > >> system_r* > >> *unconfined_u user s0 s0-s0:c0.c1023 > >> system_r unconfined_r* > >> *user_u user s0 s0 > >> user_r* > >> *xguest_u user s0 s0 > >> xguest_r* > >> > >> > >> * semanage login -l* > >> > >> *Login Name SELinux User MLS/MCS Range Service* > >> > >> *__default__ sysadm_u s0-s0:c0.c1023 ** > >> *ccmservice specialuser_u s0 ** > >> *cucm admin_u s0-s0:c0.c1023 ** > >> *drfkeys specialuser_u s0 ** > >> *drfuser specialuser_u s0 ** > >> *informix specialuser_u s0 ** > >> *pwrecovery specialuser_u s0 ** > >> *root sysadm_u s0-s0:c0.c1023 ** > >> *sftpuser specialuser_u s0 ** > >> *system_u sysadm_u s0-s0:c0.c1023 ** > >> > >> > >> *Can anybody Please help me.* > >> > >> -- > >> > >> Thanks > >> Aman > >> Cell: +91 9990296404 | Email ID : amansh.sharma5@xxxxxxxxx > >> > >> > > > > > -- > > Thanks > Aman > Cell: +91 9990296404 | Email ID : amansh.sharma5@xxxxxxxxx > -- Simon Sekidde gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
