semanage error when upgrading to RHEL 6.5

Andy Ruch adruch2002 at yahoo.com
Thu Feb 20 21:44:30 UTC 2014






> On Thursday, February 20, 2014 2:36 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> On 02/20/2014 03:46 PM, Andy Ruch wrote:
>>
>>  On Thursday, February 20, 2014 1:38 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>>
>>>  On 02/19/2014 11:56 AM, Andy Ruch wrote:
>>>>  Hello,
>>>>
>>>>  I have a policy that was originally written for RHEL 6.2. I’m now
>>>>  trying to upgrade to RHEL 6.5 and I’m having problems with semanage. I
>>>>  can install a fresh RHEL 6.5 system with the targeted policy and
>>>>  everything works fine. I then uninstall the targeted policy and install
>>>>  my policy and I can’t link the linux user and selinux user.
>>>>
>>>>>>  semanage user -a -R sysadm_r -R staff_r -r s0-s0:c0.c1023 testuser_u
>>>>>>  useradd -G wheel testuser
>>>>>>  semanage login -a -r s0-s0:c0.c1023 -s testuser_u testuser
>>>>  libsemanage.dbase_llist_query: could not query record value
>>>>  /usr/sbin/semanage: Could not query user for testuser
>>>>
>>>>  I have the RHEL 6.5 source code for libsemanage and the targeted policy
>>>>  but so far I haven't been able to find differences that would affect
>>>>  this problem. Could someone please point me in the right direction as
>>>>  far as what semanage is expecting?  What would prevent libsemanage from
>>>>  querying for the user?
>>>>
>>>>  Thanks, Andy
>>>>
>>>  What does semanage login -l and semanage user -l show?
>>>
>>  semanage user -l shows:
>>
>>                  Labeling   MLS/       MLS/
>>  SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles
>>
>>  root            user       s0         s0-s0:c0.c1023                 system_r
>>  system_u        user       s0         s0-s0:c0.c1023                 system_r
>>  testuser_u      user       s0         s0-s0:c0.c1023                 staff_r sysadm_r
>>  user_u          user       s0         s0                             user_r
>>
>>  semanage login -l shows:
>>
>>  Login Name                SELinux User              MLS/MCS Range
>>
>>  root                      root                      s0-s0:c0.c1023
>>  system_u                  system_u                  s0-s0:c0.c1023
>>
> And the testuser exists in /etc/passwd?


Yes. The commands "semanage user -a" and "useradd" appear to work fine. It's the "semanage login -a" that has trouble.

