Hi Stephen,
Below is my login PAM file:
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth substack system-auth
auth include postlogin
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so restore should only be followed by sessions to be executed in the user context
session required pam_selinux.so restore
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include system-auth
session include postlogin
-session optional pam_ck_connector.so
Can you please check if this is fine?
On Mon, Dec 4, 2017 at 9:31 PM, Aman Sharma <amansh.sharma5@xxxxxxxxx> wrote:
Hi Stephen,

I got the below logs from the file. Can you please check if these logs are fine or not:

journalctl | grep selinux
Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux
Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain type=USER_START msg=audit(1512402970.129:107): pid=7145 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209 addr=10.97.7.209 terminal=ssh res=success'
Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain type=USER_START msg=audit(1512402970.131:108): pid=7568 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209 addr=10.97.7.209 terminal=ssh res=success'

Please let me know if any comments are there.
--
On Mon, Dec 4, 2017 at 9:10 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Sat, 2017-12-02 at 09:29 +0530, Aman Sharma wrote:
> Hi All,
>
> Thanks for the information.
>
> But after resetting the semanage User/login, and moving the targeted
> folder to old one and then install the default target. then also its
> still showing the
> Id context as context=system_u:system_r:unconfined_t:s0-s0:c0.c1023.
>
> What I observed is after changing the permission using semanage
> command also, its still showing the system_u:system_r.
>
> Check the semanage login/User output :
>
> semanage login -l
>
> Login Name           SELinux User         MLS/MCS Range        Service
>
> __default__          unconfined_u         s0-s0:c0.c1023       *
> root                 unconfined_u         s0-s0:c0.c1023       *
> system_u             system_u             s0-s0:c0.c1023       *
>
>
> semanage user -l
>
>                 Labeling   MLS/       MLS/
> SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles
>
> guest_u         user       s0         s0                             guest_r
> root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
> staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
> sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
> system_u        user       s0         s0-s0:c0.c1023                 system_r unconfined_r
> unconfined_u    user       s0         s0-s0:c0.c1023                 system_r unconfined_r
> user_u          user       s0         s0                             user_r
> xguest_u        user       s0         s0                             xguest_r
>
>
> Looks like its related to some other issue. What you think about
> this.

Do you have any relevant error messages in /var/log/secure or
journalctl -rb? Look for anything that refers to selinux or context.
I'm guessing that pam_selinux is unable to determine a valid context
for your login for some reason, and this is causing it to fall back to
this one. Or something like that.
You could try to emulate this process via selinuxdefcon, although I'm
not sure how closely it matches pam_selinux anymore. Sample usage:

1. See what context sshd is running in.

ps -eZ | grep sshd

It should be:
system_u:system_r:sshd_t:s0-s0:c0.c1023

2. Run selinuxdefcon to compute the default context for root when
logging in from sshd:

# Second argument should be whatever was shown by ps -eZ | grep sshd above.
selinuxdefcon root system_u:system_r:sshd_t:s0-s0:c0.c1023

It should be:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
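
The comparison discussed in this thread, as an added example that is not part of either message and is not code from pam_selinux or selinuxdefcon: it resolves the SELinux user a login should get from `semanage login -l` output and checks a session context against it. The function names are hypothetical, the sample input is constructed from the values quoted above, and %group entries in the login mapping are assumed absent.

```python
import re

# Constructed sample input: `semanage login -l` rows and contexts quoted in this thread.
SEMANAGE_LOGIN = """\
Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
"""
SSHD_CTX = "system_u:system_r:sshd_t:s0-s0:c0.c1023"
OBSERVED = "system_u:system_r:unconfined_t:s0-s0:c0.c1023"
EXPECTED = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"

def parse_context(ctx):
    """Split user:role:type[:range]. The MLS/MCS range itself contains ':'."""
    parts = ctx.strip().split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return dict(zip(("user", "role", "type", "range"), parts + [None]))

def parse_login_map(text):
    """Return {login name: SELinux user} from `semanage login -l` output."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows: name, SELinux user, range starting with a sensitivity, service.
        if len(fields) == 4 and re.match(r"s\d+", fields[2]):
            mapping[fields[0]] = fields[1]
    return mapping

def expected_seuser(mapping, login):
    """An explicit entry wins; any other login uses the __default__ row."""
    return mapping.get(login, mapping["__default__"])

def check_login(mapping, login, session_ctx, daemon_ctx):
    """Return findings for a session context that does not match the login mapping."""
    want = expected_seuser(mapping, login)
    got, daemon = parse_context(session_ctx), parse_context(daemon_ctx)
    findings = []
    if got["user"] != want:
        findings.append(f"{login}: SELinux user is {got['user']}, login mapping says {want}")
    if (got["user"], got["role"]) == (daemon["user"], daemon["role"]):
        findings.append(f"{login}: user:role unchanged from the login daemon "
                        f"({daemon['user']}:{daemon['role']})")
    return findings

if __name__ == "__main__":
    for finding in check_login(parse_login_map(SEMANAGE_LOGIN), "root", OBSERVED, SSHD_CTX):
        print(finding)
```

On a live system the inputs would come from `semanage login -l`, `ps -eZ | grep sshd` and `id -Z` in the affected session.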