pam_selinux(sshd:session): Error! Unable to set executable context

Radha Venkatesh (radvenka) radvenka at cisco.com
Thu Oct 18 18:25:04 UTC 2012 

Dan,

No, we have not set up /etc/selinux/strict/contexts/users/specialuser_u (we are using strict policy).


But, it should fall back to the /etc/selinux/strict/contexts/default_contexts then. Would that not work? The defaults_contexts looks like this

system_r:sulogin_t:s0   sysadm_r:sysadm_t:s0
system_r:local_login_t:s0       staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0      user_r:user_t:s0 staff_r:staff_t:s0
system_r:sshd_t:s0              user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:crond_t:s0     user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
system_r:xdm_t:s0               staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_su_t:s0   staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
user_r:user_su_t:s0     staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0       sysadm_r:sysadm_t:s0
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
user_r:user_sudo_t:s0   sysadm_r:sysadm_t:s0 user_r:user_t:s0

Thanks,
Radha.

-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh at redhat.com] 
Sent: Thursday, October 18, 2012 10:43 AM
To: Radha Venkatesh (radvenka)
Cc: selinux at lists.fedoraproject.org
Subject: Re: pam_selinux(sshd:session): Error! Unable to set executable context

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
> 
> 
> We have an selinux user specialuser_u defined. The outputs of the semanage 
> command are as seen below
> 
> 
> 
> semanager user –l
> 
> 
> 
> admin_u         user       s0         SystemLow-SystemHigh
> system_r sysadm_r
> 
> guest_u         guest      s0         s0
> guest_r
> 
> remotesupport_u user       s0         SystemLow-SystemHigh
> system_r sysadm_r
> 
> root            sysadm     s0         SystemLow-SystemHigh
> system_r sysadm_r
> 
> specialuser_u   user       s0         s0
> system_r sysadm_r
> 
> staff_u         staff      s0         SystemLow-SystemHigh
> sysadm_r staff_r
> 
> sysadm_u        sysadm     s0         SystemLow-SystemHigh
> sysadm_r
> 
> system_u        user       s0         SystemLow-SystemHigh
> system_r
> 
> 

I have no idea what the random chars are, but did you setup a
/etc/selinux/targeted/contexts/users/specialuser_u file?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCAP5gACgkQrlYvE4MpobN9BACgsoMg3JUn5VtPgkbRpsAC7SEk
zmIAni4fDdROC0VKViTtlDU1QEJQmdYE
=Cebx
-----END PGP SIGNATURE-----

More information about the selinux mailing list