pam_selinux(sshd:session): Error! Unable to set executable context
Radha Venkatesh (radvenka)
radvenka at cisco.com
Thu Oct 18 18:25:04 UTC 2012
Dan,
No, we have not set up /etc/selinux/strict/contexts/users/specialuser_u (we are using strict policy).
But, it should fall back to the /etc/selinux/strict/contexts/default_contexts then. Would that not work? The defaults_contexts looks like this
system_r:sulogin_t:s0 sysadm_r:sysadm_t:s0
system_r:local_login_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
system_r:remote_login_t:s0 user_r:user_t:s0 staff_r:staff_t:s0
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
system_r:crond_t:s0 user_r:user_crond_t:s0 staff_r:staff_crond_t:s0 sysadm_r:sysadm_crond_t:s0 system_r:system_crond_t:s0 mailman_r:user_crond_t:s0
system_r:xdm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
user_r:user_su_t:s0 staff_r:staff_t:s0 user_r:user_t:s0 sysadm_r:sysadm_t:s0
sysadm_r:sysadm_sudo_t:s0 sysadm_r:sysadm_t:s0
staff_r:staff_sudo_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0
user_r:user_sudo_t:s0 sysadm_r:sysadm_t:s0 user_r:user_t:s0
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh at redhat.com]
Sent: Thursday, October 18, 2012 10:43 AM
To: Radha Venkatesh (radvenka)
Cc: selinux at lists.fedoraproject.org
Subject: Re: pam_selinux(sshd:session): Error! Unable to set executable context
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
>
>
> We have an selinux user specialuser_u defined. The outputs of the semanage
> command are as seen below
>
>
>
> semanager user –l
>
>
>
> admin_u user s0 SystemLow-SystemHigh
> system_r sysadm_r
>
> guest_u guest s0 s0
> guest_r
>
> remotesupport_u user s0 SystemLow-SystemHigh
> system_r sysadm_r
>
> root sysadm s0 SystemLow-SystemHigh
> system_r sysadm_r
>
> specialuser_u user s0 s0
> system_r sysadm_r
>
> staff_u staff s0 SystemLow-SystemHigh
> sysadm_r staff_r
>
> sysadm_u sysadm s0 SystemLow-SystemHigh
> sysadm_r
>
> system_u user s0 SystemLow-SystemHigh
> system_r
>
>
I have no idea what the random chars are, but did you setup a
/etc/selinux/targeted/contexts/users/specialuser_u file?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCAP5gACgkQrlYvE4MpobN9BACgsoMg3JUn5VtPgkbRpsAC7SEk
zmIAni4fDdROC0VKViTtlDU1QEJQmdYE
=Cebx
-----END PGP SIGNATURE-----
More information about the selinux
mailing list