Hi Stephen,
I got the below logs from the file. Can you please check if these logs are fine or not:
journalctl | grep selinux
Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux
Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain type=USER_START msg=audit(1512402970.129:107): pid=7145 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209 addr=10.97.7.209 terminal=ssh res=success'
Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain type=USER_START msg=audit(1512402970.131:108): pid=7568 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209 addr=10.97.7.209 terminal=ssh res=success'
Please let me know if there are any comments.
On Mon, Dec 4, 2017 at 9:10 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Sat, 2017-12-02 at 09:29 +0530, Aman Sharma wrote:
> Hi All,
>
> Thanks for the information.
>
> But after resetting the semanage User/login, and moving the targeted
> folder to old one and then install the default target. then also it's
> still showing the
> Id context as context=system_u:system_r:unconfined_t:s0-s0:c0.c1023.
>
> What I observed is after changing the permission using semanage
> command also, it's still showing the system_u:system_r.
>
> Check the semanage login/User output :
>
> semanage login -l
>
> Login Name           SELinux User         MLS/MCS Range        Service
>
> __default__          unconfined_u         s0-s0:c0.c1023       *
> root                 unconfined_u         s0-s0:c0.c1023       *
> system_u             system_u             s0-s0:c0.c1023       *
>
>
> semanage user -l
>
>                 Labeling   MLS/       MLS/
> SELinux User    Prefix     MCS Level  MCS Range          SELinux Roles
>
> guest_u         user       s0         s0                 guest_r
> root            user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r unconfined_r
> staff_u         user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r unconfined_r
> sysadm_u        user       s0         s0-s0:c0.c1023     sysadm_r
> system_u        user       s0         s0-s0:c0.c1023     system_r unconfined_r
> unconfined_u    user       s0         s0-s0:c0.c1023     system_r unconfined_r
> user_u          user       s0         s0                 user_r
> xguest_u        user       s0         s0                 xguest_r
>
>
> Looks like it's related to some other issue. What do you think about
> this?

Do you have any relevant error messages in /var/log/secure or
journalctl -rb? Look for anything that refers to selinux or context.
I'm guessing that pam_selinux is unable to determine a valid context
for your login for some reason, and this is causing it to fall back to
this one. Or something like that.
You could try to emulate this process via selinuxdefcon, although I'm
not sure how closely it matches pam_selinux anymore. Sample usage:

1. See what context sshd is running in.
ps -eZ | grep sshd
It should be:
system_u:system_r:sshd_t:s0-s0:c0.c1023

2. Run selinuxdefcon to compute the default context for root when
logging in from sshd:
# Second argument should be whatever was shown by ps -eZ | grep sshd above.
selinuxdefcon root system_u:system_r:sshd_t:s0-s0:c0.c1023
It should be:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
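
The two-step check above as a script, added here as an example and not part of the original messages: it takes the sshd context from ps -eZ, asks selinuxdefcon for the default login context, and names the fields in which the session's id -Z context differs. The function names, the --live switch and the sample ps output are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Constructed sample of `ps -eZ` output, used when no live check is requested.
SAMPLE_PS='LABEL                                    PID TTY      TIME     CMD
system_u:system_r:init_t:s0                1 ?        00:00:03 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1021 ?        00:00:00 sshd'

# Print the SELinux label of the first sshd process in `ps -eZ` output (stdin).
sshd_context_from_ps() {
    awk '$NF == "sshd" { print $1; exit }'
}

# Print the names of the fields (user role type range) that differ.
# The MLS/MCS range contains ':' itself (s0-s0:c0.c1023), so it is taken as
# "field 4 to end" rather than as one ':'-separated field.
context_diff() {
    expected=$1; actual=$2; changed=""
    for spec in user=1 role=2 type=3 range=4-; do
        e=$(printf '%s\n' "$expected" | cut -d: -f"${spec#*=}")
        a=$(printf '%s\n' "$actual" | cut -d: -f"${spec#*=}")
        [ "$e" = "$a" ] || changed="$changed ${spec%%=*}"
    done
    printf '%s\n' "${changed# }"
}

# Steps 1 and 2 on a live system; run it from inside the SSH session under test.
live_check() {
    from=$(ps -eZ | sshd_context_from_ps)
    want=$(selinuxdefcon "${1:-root}" "$from") || return 2
    have=$(id -Z)
    echo "sshd context:     $from"
    echo "computed default: $want"
    echo "session context:  $have"
    diff=$(context_diff "$want" "$have")
    [ -z "$diff" ] || { echo "MISMATCH in: $diff"; return 1; }
    echo "session context matches the computed default"
}

if [ "${1:-}" = "--live" ]; then
    live_check "${2:-root}"       # ./check.sh --live [login]
else
    # Offline demo: the two contexts reported in the thread.
    printf '%s\n' "$SAMPLE_PS" | sshd_context_from_ps
    context_diff "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023" \
                 "system_u:system_r:unconfined_t:s0-s0:c0.c1023"
fi
```

For the contexts in this thread the differing fields are user and role, while type and range already match the expected default.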