On Thursday, February 20, 2014 3:23 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/20/2014 04:44 PM, Andy Ruch wrote:
On Thursday, February 20, 2014 2:36 PM, Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/20/2014 03:46 PM, Andy Ruch wrote:
On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh
wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/19/2014 11:56 AM, Andy Ruch wrote:
Hello,
I have a policy that was originally written for RHEL 6.2.
I’m now
trying to upgrade to RHEL 6.5 and I’m having problems with
semanage. I
can install a fresh RHEL 6.5 system with the targeted
policy and
everything works fine. I then uninstall the targeted policy
and
install
my policy and I can’t link the linux user and selinux user.
>> semanage user –a -R sysadm_r -R staff_r -r
s0-s0:c0.c1023
>> testuser_u useradd -G wheel testuser semanage login
-a -r
>> s0-s0:c0.c1023 -s testuser_u testuser libsemanage.dbase_llist_query: could not query record value
/usr/sbin/semanage: Could not query user for testuser
I have the RHEL 6.5 source code for libsemanage and the
targeted
policy
but so far I haven't been able to find differences that
would
affect
this problem. Could someone please point me in the right
direction
as
far as what semanage is expecting? What would prevent
libsemanage
from
querying for the user?
Thanks, Andy
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
What does semanage login -l and semanage user -l show?
-----BEGIN
PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird
iEYEARECAAYFAlMGZ6gACgkQrlYvE4MpobPPDACfZf1lDin/LicVoZbykbsMS2rX
OuoAoIIa11SrGGVgJiFblx4aCFjPWF9o =iiCj -----END PGP
SIGNATURE-----
semanage user -l shows:
Labeling MLS/ MLS/ SELinux User Prefix MCS Level
MCS
Range SELinux Roles
root user s0 s0-s0:c0.c1023 system_r
system_u
user s0 s0-s0:c0.c1023 system_r testuser_u user s0 s0-s0:c0.c1023 staff_r sysadm_r user_u user s0 s0 user_r
semanage login -l shows:
Login Name SELinux User MLS/MCS Range
root root s0-s0:c0.c1023 system_u system_u s0-s0:c0.c1023
--
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
And the testuser exists in /etc/passwd? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlMGdVYACgkQrlYvE4MpobPSyQCgkQxSuJh2rUYvkDcNjCo2aeai DugAniPjTv6IbODBn+ADnsIPdpf1M55a =TUJs
-----END PGP SIGNATURE-----
Yes. The commands "semanage user -a" and "useradd"
appear to work fine.
It's the "semanage login -a" that has trouble.
And this is with the stock policycoreutils or a rebuilt one? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlMGgHUACgkQrlYvE4MpobOltACgqKw0AFB/7VRzT08hJRTh5A2v i1EAn1oG1gBOGN9R3npTRx7aMdR0fV5H =gXXZ
-----END PGP SIGNATURE-----
Stock. Fresh install from RHEL 6.5 image. Then I remove the selinux-policy and selinux-policy-targeted RPMs and add my policy RPMs.