On Fri, 2013-01-18 at 17:31 +0000, Anamitra Dutta Majumdar (anmajumd)
wrote:
It is
sysadm_u user s0 s0-s0:c0.c1023
sysadm_r
Add the system_r role to it, that might help
semanage user -m -L s0 -r s0-s0:c0.c1023 -R "sysadm_r system_r" -P user
sysadm_u
Thanks,
Anamitra
On 1/18/13 9:11 AM, "Dominick Grift" <dominick.grift(a)gmail.com> wrote:
>On Fri, 2013-01-18 at 16:34 +0000, Anamitra Dutta Majumdar (anmajumd)
>wrote:
>> We have removed the unconfined domain from our system based on RHEL6.
>> After that when we run audit2allow we see the following messages
>>
>> [root@vos-cm148 ~]# audit2allow -a
>> libsepol.context_from_record: invalid security context:
>>"sysadm_u:system_r:useradd_t:s0-s0:c0.c1023"
>> libsepol.context_from_record: could not create context structure
>> libsepol.context_from_string: could not create context structure
>> libsepol.sepol_context_to_sid: could not convert
>>sysadm_u:system_r:useradd_t:s0-s0:c0.c1023 to sid
>>
>> Are these harmful? What do they mean and how can we get rid of them.
>>
>
>What is the output of: semanage user -l | grep sysadm_u?
>
>
>
>