Hi Stephen,

The output of semanage export is:

cat localchanges
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D
boolean -m -1 domain_kernel_load_modules
boolean -m -1 selinuxuser_ping
boolean -m -1 ssh_sysadm_login
boolean -m -1 tomcat_can_network_non_http_port
port -a -t tomcat_shutdown_port_t -p tcp 8005
port -a -t ils_port_t -p tcp 8006
port -a -t clm_port_t -p tcp 8500
port -a -t clm_port_t -p udp 8500
port -a -t snmp_port_t -p udp 61441
fcontext -a -f a -t tomcat_t '/home/tomcat(/.*)?'
fcontext -a -f a -t db_t '/home/informix(/.*)?'
fcontext -a -f a -t ipsec_exec_t '/root/.security/ipsec(/.*)?'
fcontext -a -f a -t tomcat_exec_t '/root/.security/tomcat/tomcat_diagnostics.sh'
module -d unconfined

On Wed, Nov 29, 2017 at 9:10 PM, Stephen Smalley <[email protected]> wrote:

> On Wed, 2017-11-29 at 20:47 +0530, Aman Sharma wrote:
> > Hi Stephen,
> >
> > I tried all three commands, i.e.
> > semanage export > localchanges
> >
> > semanage login -D
> > semanage user -D
> >
> > Then I rebooted the system, and after the reboot it is still showing
> > the root user with the same id context, i.e.
> >
> > id
> > uid=0(root) gid=0(root) groups=0(root)
> > context=system_u:system_r:unconfined_t:s0-s0:c0.c1023
> >
> > id -Z
> > system_u:system_r:unconfined_t:s0-s0:c0.c1023
>
> That's interesting. So what else does semanage export show now as
> local changes?
>
> > Also check the output below:
> > semanage user -l
> >
> >                 Labeling   MLS/       MLS/
> > SELinux User    Prefix     MCS Level  MCS Range        SELinux Roles
> >
> > guest_u         user       s0         s0               guest_r
> > root            user       s0         s0-s0:c0.c1023   staff_r sysadm_r system_r unconfined_r
> > staff_u         user       s0         s0-s0:c0.c1023   staff_r sysadm_r system_r unconfined_r
> > sysadm_u        user       s0         s0-s0:c0.c1023   sysadm_r
> > system_u        user       s0         s0-s0:c0.c1023   system_r unconfined_r
> > unconfined_u    user       s0         s0-s0:c0.c1023   system_r unconfined_r
> > user_u          user       s0         s0               user_r
> > xguest_u        user       s0         s0               xguest_r
> >
> > [root@cucm ~]# semanage login -l
> >
> > Login Name      SELinux User    MLS/MCS Range     Service
> >
> > __default__     unconfined_u    s0-s0:c0.c1023    *
> > root            unconfined_u    s0-s0:c0.c1023    *
> > system_u        system_u        s0-s0:c0.c1023    *
> >
> > Please let me know your comments on this.
> >
> > Thanks
> > Aman
>

--
Thanks
Aman
Cell: +91 9990296404 | Email ID : [email protected]
