semanage error when upgrading to RHEL 6.5

Daniel J Walsh dwalsh at redhat.com
Thu Feb 20 21:36:23 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/20/2014 03:46 PM, Andy Ruch wrote:
> 
> 
> 
> 
> On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh <dwalsh at redhat.com>
> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> 
>> On 02/19/2014 11:56 AM, Andy Ruch wrote:
>>> Hello,
>>> 
>>> I have a policy that was originally written for RHEL 6.2. I’m now
>>> trying to upgrade to RHEL 6.5 and I’m having problems with semanage. I
>>> can install a fresh RHEL 6.5 system with the targeted policy and
>>> everything works fine. I then uninstall the targeted policy and install
>>> my policy and I can’t link the linux user and selinux user.
>>> 
>>>>> semanage user –a -R sysadm_r -R staff_r -r s0-s0:c0.c1023
>>>>> testuser_u useradd -G wheel testuser semanage login -a -r
>>>>> s0-s0:c0.c1023 -s testuser_u testuser
>>> libsemanage.dbase_llist_query: could not query record value 
>>> /usr/sbin/semanage: Could not query user for testuser
>>> 
>>> 
>>> I have the RHEL 6.5 source code for libsemanage and the targeted policy
>>> but so far I haven't been able to find differences that would affect
>>> this problem. Could someone please point me in the right direction as
>>> far as what semanage is expecting?  What would prevent libsemanage from
>>> querying for the user?
>>> 
>>> Thanks, Andy
>>> 
>>> 
>>> -- selinux mailing list selinux at lists.fedoraproject.org 
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>> 
>> What does semanage login -l and semanage user -l show? -----BEGIN PGP
>> SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird -
>> http://www.enigmail.net/
>> 
>> iEYEARECAAYFAlMGZ6gACgkQrlYvE4MpobPPDACfZf1lDin/LicVoZbykbsMS2rX 
>> OuoAoIIa11SrGGVgJiFblx4aCFjPWF9o =iiCj -----END PGP SIGNATURE-----
>> 
> 
> semanage user -l shows:
> 
> 
> Labeling   MLS/       MLS/ SELinux User    Prefix     MCS Level  MCS Range
> SELinux Roles
> 
> root            user       s0         s0-s0:c0.c1023
> system_r system_u        user       s0         s0-s0:c0.c1023
> system_r testuser_u      user       s0         s0-s0:c0.c1023
> staff_r sysadm_r user_u          user       s0         s0
> user_r
> 
> 
> 
> semanage login -l shows:
> 
> 
> Login Name                SELinux User              MLS/MCS Range
> 
> 
> root                      root                      s0-s0:c0.c1023
>  system_u                  system_u                  s0-s0:c0.c1023
>  -- selinux mailing list selinux at lists.fedoraproject.org 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
And the testuser exists in /etc/passwd?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlMGdVYACgkQrlYvE4MpobPSyQCgkQxSuJh2rUYvkDcNjCo2aeai
DugAniPjTv6IbODBn+ADnsIPdpf1M55a
=TUJs
-----END PGP SIGNATURE-----

More information about the selinux mailing list