- 09-24-2010 #1 Just Joined!
- Join Date
- Sep 2010
- Posts
- 3
SELinux error and lock out
I have accidentally locked myself out in the following manner. I have Fedora 13 with SELinux. The whole hard drive was encrypted at install with Fedora's standard method. Upon logging into a non-root account called "hoss", I set the policy (in GNOME) System menu -> Administration -> SELinux administration -> User Mapping -> added the logged-on user as an SELinux user with only user_u privileges. After reboot, I successfully log in as hoss, but now I get an error when trying to open the SELinux administration, any OpenOffice program, or any task requiring elevation with root password (the prompt never comes up). What is worse is I did not set the ability to log in to the console as root. This user now does not have write privileges to any of root's documents. I cannot access the hard drive from a remote source because it is encrypted. Is there any way whatsoever to now elevate myself to root to reconfigure SELinux? When I open the SELinux administration, should there not be a prompt that gives me a root password to be able to correct SELinux by removing "hoss" from the list? As of right now this account seems to be totally unable to be elevated to higher privileges. I cannot even use the Add/Remove software feature to apply patches to SELinux without a root password. Elevating to su in bash is also blocked. Oy.
- 09-27-2010 #2 Just Joined!
- Join Date
- Sep 2010
- Posts
- 8
Did you try sudo su?
Or, at login, selecting Other and using user root and password?
- 09-27-2010 #3 Just Joined!
- Join Date
- Sep 2010
- Posts
- 3
Fixed
I fixed the issue by using the Fedora install disk at boot and doing a "repair" mode and logging in as root. I still had to know the encrypted drive password, of course. Once at the root prompt, I typed startx to get a GUI and then removed my user from the SELinux user list. The issue still remains, though. I would like to be able to just type in a password at SELinux to elevate the user to admin privileges.
- 09-27-2010 #4 Just Joined!
- Join Date
- Sep 2010
- Posts
- 8
If you set SELINUXTYPE=targeted
Code:
[selinux@fedora32 ~]$ cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
#     targeted - Only targeted network daemons are protected.
#     strict - Full SELinux protection.
SELINUXTYPE=targeted
you are unconfined_u and can do anything as if SELinux was targeted; the only difference is that primary services (smb, ftp, http...) are constricted, and you can configure them with setsebool (to see what bool you have to set, you can use getsebool -a | grep <service>, where instead of <service> you write the service you need).
If you are interested, take a look at "SELinux by Example" (2006); it is old but not so useless: chapter 13.2.1.2, Adding a Privileged User Account.


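Added example, not part of the thread and not any poster's code: a shell check of the login mapping table that flags the situation from post #1, a login mapped to an SELinux user that cannot run su or sudo. It assumes input in the format printed by `semanage login -l`, treats user_u, guest_u and xguest_u as the SELinux users barred from su/sudo under the targeted policy, uses a constructed sample table, and does not resolve `%group` mappings; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag SELinux login mappings that block su/sudo.
# Input is the text printed by `semanage login -l` (run as root).

# Assumption: SELinux users whose domains may not execute su or sudo
# in the targeted policy. staff_u and unconfined_u are not in this set.
NO_ELEVATE="user_u guest_u xguest_u"

# Print "login seuser" for every mapping row that cannot elevate.
confined_logins() {
    awk -v deny="$NO_ELEVATE" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        NF < 2 || ($1 == "Login" && $2 == "Name") { next }  # header, blank lines
        ($2 in bad) { print $1, $2 }
    '
}

# Exit 0 if the named login can still reach su/sudo, 1 if it cannot.
# A login without its own row inherits the __default__ mapping.
# %group rows are not resolved here.
can_elevate() {
    awk -v who="$1" -v deny="$NO_ELEVATE" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        NF < 2 || ($1 == "Login" && $2 == "Name") { next }
        $1 == who           { own = $2 }
        $1 == "__default__" { def = $2 }
        END { u = (own != "") ? own : def; exit (u in bad) ? 1 : 0 }
    '
}

# Constructed sample: the mapping table after the change from post #1.
SAMPLE='Login Name                SELinux User              MLS/MCS Range

__default__               unconfined_u              s0-s0:c0.c1023
hoss                      user_u                    s0
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023'

printf '%s\n' "$SAMPLE" | confined_logins
printf '%s\n' "$SAMPLE" | can_elevate hoss ||
    echo "hoss cannot use su/sudo; remove the mapping with: semanage login -d hoss"
```

On a live system, pipe `semanage login -l` into `can_elevate <login>` before rebooting or logging out of the session that made the change.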