[DSE-User] Wrong type at user login
Éric Deschamps
erdesc at free.fr
Wed Sep 11 11:48:08 UTC 2013
Le 11/09/2013 13:26, Russell Coker a écrit :
> On Wed, 11 Sep 2013, Éric Deschamps <erdesc at free.fr> wrote:
>> Using SElinux on a new installed Wheezy server, I get this strange
>> context for my user:
>> $ id -Z
>> staff_u:staff_r:insmod_t:s0
>>
>> It's true that I changed the default selinux user for this user, but
>> even with the unconfined_u, the type is still insmod_t.
>
> That's a labelling error, probably init is mislabelled. "ps axZ" will show
> you the contexts, init or systemd should run in the init_t domain, use
> "restorecon -v" to fix the labelling of the file.
>
> Init programs other than sysvinit and systemd probably aren't going to work.
>
Many thanks for your answer. init looks OK.
$ ps auxZ |grep insmod_t
staff_u:staff_r:insmod_t:s0 erdesc 19301 0.0 0.0 24148 1932 ?
Ss sept.10 0:00 SCREEN
staff_u:staff_r:insmod_t:s0 erdesc 19302 0.0 0.0 19928 2208
pts/0 Ss sept.10 0:00 /bin/bash
staff_u:staff_r:insmod_t:s0 erdesc 19303 0.0 0.0 19924 2132
pts/1 Ss sept.10 0:00 /bin/bash
staff_u:staff_r:insmod_t:s0 erdesc 55028 0.0 0.0 19884 2120
pts/2 Ss+ 11:47 0:00 -bash
staff_u:staff_r:insmod_t:s0 erdesc 60473 0.0 0.0 19888 2164
pts/3 Ss 13:36 0:00 -bash
staff_u:staff_r:insmod_t:s0 erdesc 60581 0.0 0.0 23588 1100
pts/3 S+ 13:38 0:00 screen -x
staff_u:staff_r:insmod_t:s0 erdesc 60761 0.0 0.0 17324 1396
pts/0 R+ 13:42 0:00 ps auxZ
staff_u:staff_r:insmod_t:s0 erdesc 60762 0.0 0.0 8336 884
pts/0 S+ 13:42 0:00 grep insmod_t
I checked file context for sshd (i'm connecting through ssh), screen and
bash and it seems OK.
I corrected filesystem contexts yesterday and restarted the server.
Anyway,I can't launch the run_init service ssh restart because of my
actual context (i'm only connected with my user and have root
permissions through sudo).
I'll go further on tonight. Again, many thanks!
Éric
More information about the Selinux-user
mailing list