LinuxQuestions.org
12-04-2009, 06:58 PM   #1
Bit-Devil
SELinux context problem


Hello!

I have installed SELinux (including the SELinux kernel options) on my openSUSE 11.1 with kernel 2.6.31.5.
I'm using the "refpolicy-2.20091117" from Tresys http://oss.tresys.com/projects/refpo...ownloadRelease.

The problem I have is that when I log in via SSH to my system, the user context isn't right: "id -Z" -> "context=root:sysadm_r:chkpwd_t",
and when I log in locally with the same user, the SELinux context is right: "id -Z" -> "context=root:sysadm_r:sysadm_t".
How can I change the SSH login context to the local login context?

Here are some config options:

build.conf:
TYPE = standard
NAME = refpolicy
DIRECT_INITRC = y
MONOLITHIC = n
UBAC = y
MLS_SENS = 16
MLS_CATS = 256
MCS_CATS = 256
QUIET = n

vmware:~ # sestatus -v
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: refpolicy

Process contexts:
Current context: root:sysadm_r:chkpwd_t
Init context: system_u:system_r:init_t
/sbin/mingetty system_u:system_r:sysadm_t
/usr/sbin/sshd system_u:system_r:sshd_t

File contexts:
Controlling term: root:object_r:devpts_t
/etc/passwd system_u:object_r:etc_t
/etc/shadow system_u:object_r:shadow_t
/bin/bash sysadm_u:object_r:shell_exec_t
/bin/login system_u:object_r:login_exec_t
/bin/sh system_u:object_r:bin_t -> sysadm_u:object_r:shell_exec_t
/sbin/agetty system_u:object_r:getty_exec_t
/sbin/init system_u:object_r:init_exec_t
/sbin/mingetty system_u:object_r:getty_exec_t
/usr/sbin/sshd system_u:object_r:sshd_exec_t
/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:lib_t
/lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t

vmware:~ # semanage user -l
SELinux User SELinux Roles

root sysadm_r
staff_u staff_r
sysadm_u sysadm_r
system_u system_r
unconfined_u unconfined_r
user_u user_r

vmware:~ # semanage login -l
Login Name SELinux User

__default__ unconfined_u
testuser user_u
root root
seadmin sysadm_u
system_u system_u
vmware user_u

"id" command via SSH login
vmware:~ # id
uid=0(root) gid=0(root) groups=0(root) context=root:sysadm_r:chkpwd_t

"id" command via local login
vmware:~ # id
uid=0(root) gid=0(root) groups=0(root) context=root:sysadm_r:sysadm_t

Can anybody please help me?

Regards
B.-D.
 
  


All times are GMT -5.