12-04-2009, 06:58 PM   #1
SELinux context problem

Hello!

I have installed SELinux (including the SELinux kernel options) on my openSUSE 11.1 with kernel
I'm using the "refpolicy-2.20091117" from Tresys.

The problem I have is that when I log in via SSH to my system, the user context isn't right: "id -Z" -> "context=root:sysadm_r:chkpwd_t"
and when I log in locally with the same user, the SELinux context is right: "id -Z" -> "context=root:sysadm_r:sysadm_t".
How can I change the SSH login context to the local login context?

Here are some config options:

TYPE = standard
NAME = refpolicy
UBAC = y
MLS_CATS = 256
MCS_CATS = 256

vmware:~ # sestatus -v
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 24
Policy from config file: refpolicy

Process contexts:
Current context: root:sysadm_r:chkpwd_t
Init context: system_u:system_r:init_t
/sbin/mingetty system_u:system_r:sysadm_t
/usr/sbin/sshd system_u:system_r:sshd_t

File contexts:
Controlling term: root:object_r:devpts_t
/etc/passwd system_u:object_r:etc_t
/etc/shadow system_u:object_r:shadow_t
/bin/bash sysadm_u:object_r:shell_exec_t
/bin/login system_u:object_r:login_exec_t
/bin/sh system_u:object_r:bin_t -> sysadm_u:object_r:shell_exec_t
/sbin/agetty system_u:object_r:getty_exec_t
/sbin/init system_u:object_r:init_exec_t
/sbin/mingetty system_u:object_r:getty_exec_t
/usr/sbin/sshd system_u:object_r:sshd_exec_t
/lib/ system_u:object_r:lib_t -> system_u:object_r:lib_t
/lib/ system_u:object_r:lib_t -> system_u:object_r:ld_so_t

vmware:~ # semanage user -l
SELinux User SELinux Roles

root sysadm_r
staff_u staff_r
sysadm_u sysadm_r
system_u system_r
unconfined_u unconfined_r
user_u user_r

vmware:~ # semanage login -l
Login Name SELinux User

__default__ unconfined_u
testuser user_u
root root
seadmin sysadm_u
system_u system_u
vmware user_u

"id" command via SSH login:
vmware:~ # id
uid=0(root) gid=0(root) groups=0(root) context=root:sysadm_r:chkpwd_t

"id" command via local login:
vmware:~ # id
uid=0(root) gid=0(root) groups=0(root) context=root:sysadm_r:sysadm_t

Can anybody please help me?


