On Wed, 2017-11-29 at 09:33 +0530, Aman Sharma wrote: > Hi Stephen, > > Below is the output of command : > > sestatus -v output > SELinux status: enabled > SELinuxfs mount: /sys/fs/selinux > SELinux root directory: /etc/selinux > Loaded policy name: targeted > Current mode: enforcing > Mode from config file: permissive > Policy MLS status: enabled > Policy deny_unknown status: allowed > Max kernel policy version: 28 > > Process contexts: > Current context: system_u:system_r:unconfined_t:s0- > s0:c0.c1023 > Init context: system_u:system_r:init_t:s0 > /usr/sbin/sshd system_u:system_r:sshd_t:s0- > s0:c0.c1023 > > File contexts: > Controlling terminal: system_u:object_r:sshd_devpts_t:s0 > /etc/passwd system_u:object_r:passwd_file_t:s0 > /etc/shadow system_u:object_r:shadow_t:s0 > /bin/bash system_u:object_r:shell_exec_t:s0 > /bin/login system_u:object_r:login_exec_t:s0 > /bin/sh system_u:object_r:bin_t:s0 -> > system_u:object_r:shell_exec_t:s0 > /sbin/agetty system_u:object_r:getty_exec_t:s0 > /sbin/init system_u:object_r:bin_t:s0 -> > system_u:object_r:init_exec_t:s0 > /usr/sbin/sshd system_u:object_r:sshd_exec_t:s0 > /lib/libc.so.6 system_u:object_r:lib_t:s0 -> > system_u:object_r:lib_t:s0 > /lib/ld-linux.so.2 system_u:object_r:lib_t:s0 -> > system_u:object_r:ld_so_t:s0 > > Also I am using ssh session for login. > > Please let me know how to change id command context to unconfined_u > or Sysadm_u. So from your earlier message, it is clear that you (or someone else) has heavily customized your semanage login and user mappings from the stock targeted policy. The question is why, and whether you want/need to retain any of those customizations. If not, then you could just delete all local customizations (via semanage or manually) and revert to a stock policy. If you do need to retain some of those customizations, then please show your current semanage login -l and semanage user -l output since you said you ran some further semanage commands after the last output you showed.
