Re: Qwery regarding Selinux Change Id context

Sun, 26 Nov 2017 21:58:01 -0800 

Hi Simon,

After applying the commands which you mentioned previously is working fine
but its still showing the ID command output as same i.e.



**id*> >> *uid=0(root) gid=0(root) groups=0(root)> >>
context=system_u:system_r:unconfined_t:s0-s0:c0.c1023**

Do you know how to reset this System_u to Unconfined_u i.e. to the default
behavior.

Thanks for the help.

Aman

On Sat, Nov 25, 2017 at 10:55 PM, Simon Sekidde <sseki...@redhat.com> wrote:

>
>
> ----- Original Message -----
> > From: "Aman Sharma" <amansh.shar...@gmail.com>
> > To: "Ravi Kumar" <nxp.r...@gmail.com>
> > Cc: "SELinux" <selinux@tycho.nsa.gov>
> > Sent: Friday, November 24, 2017 2:09:05 AM
> > Subject: Re: Qwery regarding Selinux Change Id context
> >
> > Hi Ravi,
> >
> > Thanks for your reply but SSH and Sysadm_login is already enabled.
> >
> > Actually I need to change the root context
> > from*System_u:system_r:unconfined_t
> > to sysadm_u:sysadm_r or **unconfined_u:**unconfined_r**.*
> >
> > *I found one command (**runcon
> > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /bin/bash**) but
> that
> > command will not work after reboot . Is there any parmanent solution for
> > this.*
> >
>
> It should be unconfined by default if you are running policy in targeted
> mode
>
>  # cat /etc/selinux/targeted/seusers
> root:unconfined_u:s0-s0:c0.c1023
> system_u:system_u:s0-s0:c0.c1023
> __default__:unconfined_u:s0-s0:c0.c1023
>
> try something like `semanage login -m -s unconfined_u root; restorecon -RF
> /root`
>
>
> > On Fri, Nov 24, 2017 at 12:22 PM, Ravi Kumar <nxp.r...@gmail.com> wrote:
> >
> > > Based on the config  each type of login ( ssh ,shell  ) will have it
> own
> > > role .  if this is just for testing you can try setting the  bool
> value  if
> > > you are logging via ssh.
> > >
> > > setsebool -P ssh_sysadm_login 1
> > >
> > >
> > >
> > > Regards,
> > > Ravi
> > >
> > > On Fri, Nov 24, 2017 at 10:47 AM, Aman Sharma <
> amansh.shar...@gmail.com>
> > > wrote:
> > >
> > >>
> > >>
> > >> Hi All,
> > >>
> > >> Currently Working on Cent OS 7.3 and login as a root User and my Id
> > >> command output is :
> > >>
> > >> *id*
> > >> *uid=0(root) gid=0(root) groups=0(root)
> > >> context=system_u:system_r:unconfined_t:s0-s0:c0.c1023*
> > >>
> > >> I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r
> > >> or **unconfined_u:**unconfined_r**. *
> > >>
> > >> *Also showing the output of following command :*
> > >>
> > >> *semanage user -l*
> > >>
> > >> *                Labeling   MLS/       MLS/                          *
> > >> *SELinux User    Prefix     MCS Level  MCS Range
> > >> SELinux Roles*
> > >>
> > >> *admin_u         user       s0         s0-s0:c0.c1023
> > >>  sysadm_r system_r*
> > >> *guest_u         user       s0         s0
> > >>  guest_r*
> > >> *root            user       s0         s0-s0:c0.c1023
> > >>  staff_r sysadm_r*
> > >> *specialuser_u   user       s0         s0
> > >>  sysadm_r system_r*
> > >> *staff_u         user       s0         s0-s0:c0.c1023
> > >>  staff_r sysadm_r system_r*
> > >> *sysadm_u        user       s0         s0-s0:c0.c1023
> > >>  sysadm_r*
> > >> *system_u        user       s0         s0-s0:c0.c1023
> > >>  system_r*
> > >> *unconfined_u    user       s0         s0-s0:c0.c1023
> > >>  system_r unconfined_r*
> > >> *user_u          user       s0         s0
> > >>  user_r*
> > >> *xguest_u        user       s0         s0
> > >>  xguest_r*
> > >>
> > >>
> > >> * semanage login -l*
> > >>
> > >> *Login Name           SELinux User         MLS/MCS Range
> Service*
> > >>
> > >> *__default__          sysadm_u             s0-s0:c0.c1023       **
> > >> *ccmservice           specialuser_u        s0                   **
> > >> *cucm                 admin_u              s0-s0:c0.c1023       **
> > >> *drfkeys              specialuser_u        s0                   **
> > >> *drfuser              specialuser_u        s0                   **
> > >> *informix             specialuser_u        s0                   **
> > >> *pwrecovery           specialuser_u        s0                   **
> > >> *root                 sysadm_u             s0-s0:c0.c1023       **
> > >> *sftpuser             specialuser_u        s0                   **
> > >> *system_u             sysadm_u             s0-s0:c0.c1023       **
> > >>
> > >>
> > >> *Can anybody Please help me.*
> > >>
> > >> --
> > >>
> > >> Thanks
> > >> Aman
> > >> Cell: +91 9990296404 |  Email ID : amansh.shar...@gmail.com
> > >>
> > >>
> > >
> >
> >
> > --
> >
> > Thanks
> > Aman
> > Cell: +91 9990296404 |  Email ID : amansh.shar...@gmail.com
> >
>
> --
> Simon Sekidde
> gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
>
>
>


-- 

Thanks
Aman
Cell: +91 9990296404 |  Email ID : amansh.shar...@gmail.com

Reply via email to