On 02/20/2014 04:44 PM, Andy Ruch wrote:
> On Thursday, February 20, 2014 2:36 PM, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
>
> On 02/20/2014 03:46 PM, Andy Ruch wrote:
>>
>> On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
>>
>>> On 02/19/2014 11:56 AM, Andy Ruch wrote:
>>>> Hello,
>>>>
>>>> I have a policy that was originally written for RHEL 6.2. I’m now
>>>> trying to upgrade to RHEL 6.5 and I’m having problems with semanage. I
>>>> can install a fresh RHEL 6.5 system with the targeted policy and
>>>> everything works fine. I then uninstall the targeted policy and install
>>>> my policy and I can’t link the linux user and selinux user.
>>>>
>>>>>> semanage user -a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 testuser_u
>>>>>> useradd -G wheel testuser
>>>>>> semanage login -a -r s0-s0:c0.c1023 -s testuser_u testuser
>>>> libsemanage.dbase_llist_query: could not query record value
>>>> /usr/sbin/semanage: Could not query user for testuser
>>>>
>>>> I have the RHEL 6.5 source code for libsemanage and the targeted policy
>>>> but so far I haven't been able to find differences that would affect
>>>> this problem. Could someone please point me in the right direction as
>>>> far as what semanage is expecting? What would prevent libsemanage from
>>>> querying for the user?
>>>>
>>>> Thanks, Andy
>>>>
>>>> --
>>>> selinux mailing list
>>>> selinux(a)lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>
>>> What does semanage login -l and semanage user -l show?
>>>
>>
>> semanage user -l shows:
>>
>>                 Labeling   MLS/       MLS/
>> SELinux User    Prefix     MCS Level  MCS Range          SELinux Roles
>>
>> root            user       s0         s0-s0:c0.c1023     system_r
>> system_u        user       s0         s0-s0:c0.c1023     system_r
>> testuser_u      user       s0         s0-s0:c0.c1023     staff_r sysadm_r
>> user_u          user       s0         s0                 user_r
>>
>> semanage login -l shows:
>>
>> Login Name      SELinux User    MLS/MCS Range
>>
>> root            root            s0-s0:c0.c1023
>> system_u        system_u        s0-s0:c0.c1023
>>
> And the testuser exists in /etc/passwd?
>
Yes. The commands "semanage user -a" and "useradd" appear to work fine.
It's the "semanage login -a" that has trouble.