Hi Simon,

After applying the commands which you mentioned previously, it is working fine, but it's still showing the ID command output as the same, i.e.

id
uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_t:s0-s0:c0.c1023

Do you know how to reset this System_u to Unconfined_u, i.e. to the default behavior?

Thanks for the help.

Aman

On Sat, Nov 25, 2017 at 10:55 PM, Simon Sekidde <sseki...@redhat.com> wrote:

> ----- Original Message -----
> > From: "Aman Sharma" <amansh.shar...@gmail.com>
> > To: "Ravi Kumar" <nxp.r...@gmail.com>
> > Cc: "SELinux" <selinux@tycho.nsa.gov>
> > Sent: Friday, November 24, 2017 2:09:05 AM
> > Subject: Re: Qwery regarding Selinux Change Id context
> >
> > Hi Ravi,
> >
> > Thanks for your reply but SSH and Sysadm_login is already enabled.
> >
> > Actually I need to change the root context from
> > System_u:system_r:unconfined_t to sysadm_u:sysadm_r or
> > unconfined_u:unconfined_r.
> >
> > I found one command (runcon
> > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /bin/bash) but that
> > command will not work after reboot. Is there any permanent solution for
> > this?
> >
>
> It should be unconfined by default if you are running policy in targeted
> mode
>
> # cat /etc/selinux/targeted/seusers
> root:unconfined_u:s0-s0:c0.c1023
> system_u:system_u:s0-s0:c0.c1023
> __default__:unconfined_u:s0-s0:c0.c1023
>
> try something like `semanage login -m -s unconfined_u root; restorecon -RF /root`
>
> > On Fri, Nov 24, 2017 at 12:22 PM, Ravi Kumar <nxp.r...@gmail.com> wrote:
> >
> > > Based on the config, each type of login (ssh, shell) will have its own
> > > role. If this is just for testing, you can try setting the bool value if
> > > you are logging in via ssh.
> > >
> > > setsebool -P ssh_sysadm_login 1
> > >
> > > Regards,
> > > Ravi
> > >
> > > On Fri, Nov 24, 2017 at 10:47 AM, Aman Sharma <amansh.shar...@gmail.com>
> > > wrote:
> > >
> > >> Hi All,
> > >>
> > >> Currently working on CentOS 7.3 and logged in as a root user, and my id
> > >> command output is:
> > >>
> > >> id
> > >> uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_t:s0-s0:c0.c1023
> > >>
> > >> I want to change System_u:system_r:unconfined_t to sysadm_u:sysadm_r
> > >> or unconfined_u:unconfined_r.
> > >>
> > >> Also showing the output of the following commands:
> > >>
> > >> semanage user -l
> > >>
> > >>                 Labeling   MLS/       MLS/
> > >> SELinux User    Prefix     MCS Level  MCS Range          SELinux Roles
> > >>
> > >> admin_u         user       s0         s0-s0:c0.c1023     sysadm_r system_r
> > >> guest_u         user       s0         s0                 guest_r
> > >> root            user       s0         s0-s0:c0.c1023     staff_r sysadm_r
> > >> specialuser_u   user       s0         s0                 sysadm_r system_r
> > >> staff_u         user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r
> > >> sysadm_u        user       s0         s0-s0:c0.c1023     sysadm_r
> > >> system_u        user       s0         s0-s0:c0.c1023     system_r
> > >> unconfined_u    user       s0         s0-s0:c0.c1023     system_r unconfined_r
> > >> user_u          user       s0         s0                 user_r
> > >> xguest_u        user       s0         s0                 xguest_r
> > >>
> > >> semanage login -l
> > >>
> > >> Login Name      SELinux User     MLS/MCS Range      Service
> > >>
> > >> __default__     sysadm_u         s0-s0:c0.c1023     *
> > >> ccmservice      specialuser_u    s0                 *
> > >> cucm            admin_u          s0-s0:c0.c1023     *
> > >> drfkeys         specialuser_u    s0                 *
> > >> drfuser         specialuser_u    s0                 *
> > >> informix        specialuser_u    s0                 *
> > >> pwrecovery      specialuser_u    s0                 *
> > >> root            sysadm_u         s0-s0:c0.c1023     *
> > >> sftpuser        specialuser_u    s0                 *
> > >> system_u        sysadm_u         s0-s0:c0.c1023     *
> > >>
> > >> Can anybody please help me?
> > >>
> > >> --
> > >>
> > >> Thanks
> > >> Aman
> > >> Cell: +91 9990296404 | Email ID : amansh.shar...@gmail.com
> > >>
> > >
> >
> > --
> >
> > Thanks
> > Aman
> > Cell: +91 9990296404 | Email ID : amansh.shar...@gmail.com
> >
>
> --
> Simon Sekidde
> gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
>

--
Thanks
Aman
Cell: +91 9990296404 | Email ID : amansh.shar...@gmail.com
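
Added example, not part of the original thread and not any poster's code: a shell check that resolves which SELinux user a login maps to in seusers-format text (exact entry, else `__default__`) and compares it with the user field of a context string such as the one `id` prints. The function names are hypothetical, the sample text is the seusers content quoted in the thread, and `%group` and per-service entries are ignored as a simplification.

```shell
#!/bin/sh
# Added example: compare a login's seusers mapping with a session context.

# Sample input: the seusers content quoted in the thread (targeted policy).
SEUSERS_SAMPLE='root:unconfined_u:s0-s0:c0.c1023
system_u:system_u:s0-s0:c0.c1023
__default__:unconfined_u:s0-s0:c0.c1023'

# seuser_for LOGIN [SEUSERS_TEXT]
# Print the SELinux user mapped to LOGIN, falling back to __default__.
# Assumption: %group and per-service entries are not handled here.
seuser_for() {
    printf '%s\n' "${2:-$SEUSERS_SAMPLE}" | awk -F: -v login="$1" '
        /^[ \t]*(#|$)/      { next }          # skip comments and blank lines
        $1 == login         { exact = $2 }
        $1 == "__default__" { dflt = $2 }
        END {
            if (exact != "")     print exact
            else if (dflt != "") print dflt
            else                 exit 1       # no entry and no default
        }'
}

# context_user CONTEXT
# Print the first field (SELinux user) of user:role:type:range.
context_user() {
    printf '%s\n' "${1%%:*}"
}

# check_login LOGIN CONTEXT [SEUSERS_TEXT]
# Return 0 if the context user equals the mapped user, 1 on mismatch,
# 2 if no mapping could be resolved.
check_login() {
    want=$(seuser_for "$1" "$3") || { echo "no mapping for $1"; return 2; }
    have=$(context_user "$2")
    if [ "$want" = "$have" ]; then
        echo "OK: $1 is mapped to $want and the context user is $have"
    else
        echo "MISMATCH: $1 is mapped to $want but the context user is $have"
        return 1
    fi
}

# On a live system (run as root):
#   check_login "$(id -un)" "$(id -Z)" "$(cat /etc/selinux/targeted/seusers)"
```

A changed login mapping is applied when a new login session is created, so run the check from a fresh login rather than from the shell in which `semanage login -m` was issued.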