Hi Stephen,

I got the below logs from the file. Can you please check if these logs are fine
or not:

journalctl | grep selinux
Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux
Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain
type=USER_START msg=audit(1512402970.129:107): pid=7145 uid=0 auid=0 ses=2
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open
grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog
acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209 addr=10.97.7.209
terminal=ssh res=success'
Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain
type=USER_START msg=audit(1512402970.131:108): pid=7568 uid=0 auid=0 ses=3
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open
grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog
acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209 addr=10.97.7.209
terminal=ssh res=success'

Please let me know if any comments are there.

On Mon, Dec 4, 2017 at 9:10 PM, Stephen Smalley <[email protected]> wrote:

> On Sat, 2017-12-02 at 09:29 +0530, Aman Sharma wrote:
> > Hi All,
> >
> > Thanks for the information.
> >
> > But after resetting the semanage User/login, moving the targeted
> > folder to the old one, and then installing the default target, it's
> > still showing the
> > id context as context=system_u:system_r:unconfined_t:s0-s0:c0.c1023.
> >
> > What I observed is that even after changing the permission using the
> > semanage command, it's still showing the system_u:system_r.
> >
> > Check the semanage login/User output :
> >
> > semanage login -l
> >
> > Login Name           SELinux User         MLS/MCS Range        Service
> >
> > __default__          unconfined_u         s0-s0:c0.c1023       *
> > root                 unconfined_u         s0-s0:c0.c1023       *
> > system_u             system_u             s0-s0:c0.c1023       *
> >
> >
> > semanage user -l
> >
> >                 Labeling   MLS/       MLS/
> > SELinux User    Prefix     MCS Level  MCS Range          SELinux Roles
> >
> > guest_u         user       s0         s0                 guest_r
> > root            user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r unconfined_r
> > staff_u         user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r unconfined_r
> > sysadm_u        user       s0         s0-s0:c0.c1023     sysadm_r
> > system_u        user       s0         s0-s0:c0.c1023     system_r unconfined_r
> > unconfined_u    user       s0         s0-s0:c0.c1023     system_r unconfined_r
> > user_u          user       s0         s0                 user_r
> > xguest_u        user       s0         s0                 xguest_r
> >
> >
> > Looks like it's related to some other issue. What do you think about
> > this?
>
> Do you have any relevant error messages in /var/log/secure or
> journalctl -rb?  Look for anything that refers to selinux or context.
>
> I'm guessing that pam_selinux is unable to determine a valid context
> for your login for some reason, and this is causing it to fall back to
> this one.  Or something like that.
>
> You could try to emulate this process via selinuxdefcon, although I'm
> not sure how closely it matches pam_selinux anymore.  Sample usage:
>
> 1. See what context sshd is running in.
>
> ps -eZ | grep sshd
>
> It should be:
> system_u:system_r:sshd_t:s0-s0:c0.c1023
>
> 2. Run selinuxdefcon to compute the default context for root when
> logging in from sshd:
>
> # Second argument should be whatever was shown by ps -eZ | grep sshd above.
> selinuxdefcon root system_u:system_r:sshd_t:s0-s0:c0.c1023
>
> It should be:
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>
>
>


-- 

Thanks
Aman
Cell: +91 9990296404 |  Email ID : [email protected]
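
The two-step check described in the quoted reply, as an added example that is not part of the original thread: it takes the sshd context from ps -eZ, asks selinuxdefcon for the default login context, and reports which fields of the session's actual context (id -Z) differ. The function names and the --live switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: compare the context a login actually received with the
# default that selinuxdefcon computes for it (steps 1 and 2 above).

# Print one field of an SELinux context (user:role:type:range).
# The MLS/MCS range may itself contain ':', so it is "field 4 onward".
context_field() {
    case $2 in
        user)  printf '%s\n' "$1" | cut -d: -f1 ;;
        role)  printf '%s\n' "$1" | cut -d: -f2 ;;
        type)  printf '%s\n' "$1" | cut -d: -f3 ;;
        range) printf '%s\n' "$1" | cut -d: -f4- ;;
    esac
}

# Read `ps -eZ` output on stdin and print the context of the first sshd.
sshd_context_from_ps() {
    awk '$NF == "sshd" { print $1; exit }'
}

# Report every field where ACTUAL differs from EXPECTED; return 1 if any do.
compare_login_context() {
    rc=0
    for field in user role type range; do
        want=$(context_field "$1" "$field")
        got=$(context_field "$2" "$field")
        if [ "$want" != "$got" ]; then
            printf 'MISMATCH %s: expected=%s actual=%s\n' "$field" "$want" "$got"
            rc=1
        fi
    done
    return "$rc"
}

# Live check on an SELinux host, run from inside the ssh session under test.
check_live() {
    sshd_ctx=$(ps -eZ | sshd_context_from_ps)
    expected=$(selinuxdefcon "$1" "$sshd_ctx") || return 2
    compare_login_context "$expected" "$(id -Z)"
}

# Only touch the running system when asked to: ./script --live root
if [ "${1:-}" = "--live" ]; then
    check_live "${2:-root}"
fi
```

With the contexts quoted in this thread, the comparison flags the user and role fields and leaves type and range matching.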
