Find the answer to your Linux question:
Results 1 to 3 of 3
Hello, I have configured some selinux contexts for users in a VM: # semanage login -l Login Name SELinux User MLS/MCS Range __default__ unconfined_u s0-s0:c0.c1023 noadm user_u s0 noadmin staff_u ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2013
    Posts
    3

    Talking Switch SeLinux contex on su


    Hello,

    I have configured some selinux contexts for users in a VM:

    # semanage login -l

    Login Name SELinux User MLS/MCS Range

    __default__ unconfined_u s0-s0:c0.c1023
    noadm user_u s0
    noadmin staff_u s0-s0:c0.c1023
    root unconfined_u s0-s0:c0.c1023
    system_u system_u s0-s0:c0.c1023

    When I login with one of this users, the context is updated in accordance with the policy. However, if I switch user (su) to noadm for example from root account, the context remains unconfined_u. I believe that I should edit something in the pam configs and I tried adding "session required pam_selinux.so open" to the end of su related pam file, but it is not working well. Any ideas?


    Regards,
    Alex

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    779
    This FAQ implies that the new contexts should be applied:
    SELinux FAQ

    Have you tried su from an account other than root?

    Perhaps check or file a bug report.

  3. #3
    Just Joined!
    Join Date
    Jan 2013
    Posts
    3
    Thanks. I'll try it again tomorrow. Good FAQ anyway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •