Hi Simon,
After applying the commands which you mentioned previously is working fine but its still showing the ID command output as same i.e.
*id*
> >> *uid=0(root) gid=0(root) groups=0(root)
> >> context=system_u:system_r:unconfined_t:s0-s0:c0.c1023*
> >> *uid=0(root) gid=0(root) groups=0(root)
> >> context=system_u:system_r:
Do you know how to reset this System_u to Unconfined_u i.e. to the default behavior.
Thanks for the help.
Aman
On Sat, Nov 25, 2017 at 10:55 PM, Simon Sekidde <ssekidde@xxxxxxxxxx> wrote:
----- Original Message -----
> From: "Aman Sharma" <amansh.sharma5@xxxxxxxxx>
> To: "Ravi Kumar" <nxp.ravi@xxxxxxxxx>
> Cc: "SELinux" <selinux@xxxxxxxxxxxxx>
> Sent: Friday, November 24, 2017 2:09:05 AM
> Subject: Re: Qwery regarding Selinux Change Id context
>
> Hi Ravi,
>
> Thanks for your reply but SSH and Sysadm_login is already enabled.
>
> Actually I need to change the root context
> from*System_u:system_r:unconfined_t
> to sysadm_u:sysadm_r or **unconfined_u:**unconfined_r**.*
>
> *I found one command (**runcon
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /bin/bash**) but that
> command will not work after reboot . Is there any parmanent solution for
> this.*
>
It should be unconfined by default if you are running policy in targeted mode
# cat /etc/selinux/targeted/seusers
root:unconfined_u:s0-s0:c0.c1023
system_u:system_u:s0-s0:c0.c1023
__default__:unconfined_u:s0-s0:c0.c1023
try something like `semanage login -m -s unconfined_u root; restorecon -RF /root`
> On Fri, Nov 24, 2017 at 12:22 PM, Ravi Kumar <nxp.ravi@xxxxxxxxx> wrote:
>
> > Based on the config each type of login ( ssh ,shell ) will have it own
> > role . if this is just for testing you can try setting the bool value if
> > you are logging via ssh.
> >
> > setsebool -P ssh_sysadm_login 1
> >
> >
> >
> > Regards,
> > Ravi
> >
> > On Fri, Nov 24, 2017 at 10:47 AM, Aman Sharma <amansh.sharma5@xxxxxxxxx>
> > wrote:
> >
> >>
> >>
> >> Hi All,
> >>
> >> Currently Working on Cent OS 7.3 and login as a root User and my Id
> >> command output is :
> >>
> >> *id*
> >> *uid=0(root) gid=0(root) groups=0(root)
> >> context=system_u:system_r:unconfined_t:s0-s0:c0.c1023*
> >>
> >> I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r
> >> or **unconfined_u:**unconfined_r**. *
> >>
> >> *Also showing the output of following command :*
> >>
> >> *semanage user -l*
> >>
> >> * Labeling MLS/ MLS/ *
> >> *SELinux User Prefix MCS Level MCS Range
> >> SELinux Roles*
> >>
> >> *admin_u user s0 s0-s0:c0.c1023
> >> sysadm_r system_r*
> >> *guest_u user s0 s0
> >> guest_r*
> >> *root user s0 s0-s0:c0.c1023
> >> staff_r sysadm_r*
> >> *specialuser_u user s0 s0
> >> sysadm_r system_r*
> >> *staff_u user s0 s0-s0:c0.c1023
> >> staff_r sysadm_r system_r*
> >> *sysadm_u user s0 s0-s0:c0.c1023
> >> sysadm_r*
> >> *system_u user s0 s0-s0:c0.c1023
> >> system_r*
> >> *unconfined_u user s0 s0-s0:c0.c1023
> >> system_r unconfined_r*
> >> *user_u user s0 s0
> >> user_r*
> >> *xguest_u user s0 s0
> >> xguest_r*
> >>
> >>
> >> * semanage login -l*
> >>
> >> *Login Name SELinux User MLS/MCS Range Service*
> >>
> >> *__default__ sysadm_u s0-s0:c0.c1023 **
> >> *ccmservice specialuser_u s0 **
> >> *cucm admin_u s0-s0:c0.c1023 **
> >> *drfkeys specialuser_u s0 **
> >> *drfuser specialuser_u s0 **
> >> *informix specialuser_u s0 **
> >> *pwrecovery specialuser_u s0 **
> >> *root sysadm_u s0-s0:c0.c1023 **
> >> *sftpuser specialuser_u s0 **
> >> *system_u sysadm_u s0-s0:c0.c1023 **
> >>
> >>
> >> *Can anybody Please help me.*
--> >>
> >> --
> >>
> >> Thanks
> >> Aman
> >> Cell: +91 9990296404 | Email ID : amansh.sharma5@xxxxxxxxx
> >>
> >>
> >
>
>
> --
>
> Thanks
> Aman
> Cell: +91 9990296404 | Email ID : amansh.sharma5@xxxxxxxxx
>
Simon Sekidde
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
