Paul Moore wrote:
I'm haven't verified this (I'm at home and don't have an LSPP machine handy)
but it was originally the case where you had to be in the secadm_r role to be
able to use netlabelctl. Unless Dan/Chris added the netlabel_mgmt_t domain
to the sysadm_r role I don't expect you'll be able to run netlabelctl.
At some point I believe it was decided that sysadm_r was going to be the
powerful user and kinda replace secadm_r. Since then I have been executing
netlabelctl as sysadm and it's been working just fine.
This was working until before the openssh-18 package that broke logging in as
sysadm_r and the last policy -38. It stopped working now with the latest packages.
Like Linda I'm also a little curious as to the invalid context message,
something is not right ... why is a non system user, i.e. not system_u,
running with the system_r role?
...
I'm not sure this is a bug, unless of course we want sysadm_r to be able to
configure NetLabel. Please try running netlabelctl as secadm_r and report
the results.
secadm is able to execute netlabelctl. sysadm_r used to be able to run it as
well. Why was it changed in the first place, and should sysadm_r be able to
execute it since it is supposed to be a powerful role?
- Loulwa
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
