[DSE-User] Can't change SeLinux login
Éric Deschamps
erdesc at free.fr
Fri Sep 13 08:23:36 UTC 2013
Hello,
Using SELinux on a fresh-installed Wheezy server, I encounter several
problems:
I'd like to put my user in unconfined_u login, but it does not work:
# semanage login -m -s "unconfined_u" erdesc
libsemanage.semanage_commit_sandbox: Error while renaming
/etc/selinux/default/modules/active to
/etc/selinux/default/modules/previous. (Permission denied).
/usr/sbin/semanage: Could not commit semanage transaction
But I'm actually using the root account with unconfined_u:
# id -Z
unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
So bad, still as root, I try to go into permissive mode to help debug,
but I can't:
# setenforce 0
setenforce: setenforce() failed
/var/log/syslog does'nt help me much:
Sep 13 10:11:48 myhost semanage: Successful: modify selinux user
mapping name=erdesc sename=unconfined_u old_sename=staff_u MLSRange=s0
old_MLSRange=s0
Sep 13 10:11:49 myhost semanage: Failed: modify selinux user mapping
name=erdesc sename=unconfined_u
Neither does /var/log/audit.log:
ype=AVC msg=audit(1379059921.724:7826280): avc: denied { getattr } for
pid=52575 comm="unix_chkpwd" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem
Is it a MCS Category related problem or another labelling error?
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
SELinux root directory: /etc/selinux
Loaded policy name: default
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: denied
Max kernel policy version: 26
I can't find the sealert tool to help debug this.
Any help very welcome :)
Regards,
Éric
More information about the Selinux-user
mailing list