Menu
▾
▴
selinux-bugs — Mail from the bugs tracker
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(1) |
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2017 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(3) |
|
From: Aman S. <ama...@gm...> - 2017-12-04 10:21:16
|
Hi All,
During System boot up, I am running some semanage commands to change the
User to sysadm_u. But in Cent OS 7.3 , Below error message is coming
i.e. *ValueError:
Login mapping for __default__ is not defined.*
/usr/sbin/semanage login -m -S targeted -s user_u -r s0 __default__
ValueError: Login mapping for __default__ is not defined
But the same command is working fine in Cent OS 6.8.
Please let me know why this error message is coming for Cent OS 7.
--
Thanks
Aman
Cell: +91 9990296404 | Email ID : ama...@gm...
--
Thanks
Aman
Cell: +91 9990296404 | Email ID : ama...@gm...
|
|
From: Aman S. <ama...@gm...> - 2017-12-04 10:14:59
|
Hi All, Thanks for the information. But after resetting the semanage User/login, and moving the targeted folder to old one and then install the default target. then also its still showing the Id context as context=*system_u:system_r:unconfined_t:s0-s0:c0.c1023.* *What I observed is after changing the permission using semanage command also, its still showing the system_u:system_r. * *Check the semanage login/User output :* *semanage login -l* *Login Name SELinux User MLS/MCS Range Service* *__default__ unconfined_u s0-s0:c0.c1023 ** *root unconfined_u s0-s0:c0.c1023 ** *system_u system_u s0-s0:c0.c1023 ** *semanage user -l* * Labeling MLS/ MLS/ * *SELinux User Prefix MCS Level MCS Range SELinux Roles* *guest_u user s0 s0 guest_r* *root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r* *staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r* *sysadm_u user s0 s0-s0:c0.c1023 sysadm_r* *system_u user s0 s0-s0:c0.c1023 system_r unconfined_r* *unconfined_u user s0 s0-s0:c0.c1023 system_r unconfined_r* *user_u user s0 s0 user_r* *xguest_u user s0 s0 xguest_r* Looks like its related to some other issue. What you think about this. Thanks Aman On Sat, Dec 2, 2017 at 1:05 AM, Simon Sekidde <sse...@re...> wrote: > > > ----- Original Message ----- > > From: "Stephen Smalley" <sd...@ty...> > > To: "Simon Sekidde" <sse...@re...>, "Aman Sharma" < > ama...@gm...> > > Cc: "SELinux" <se...@ty...> > > Sent: Friday, December 1, 2017 2:28:17 PM > > Subject: Re: Qwery regarding Selinux Change Id context > > > > On Fri, 2017-12-01 at 14:16 -0500, Simon Sekidde wrote: > > > > > > ----- Original Message ----- > > > > From: "Aman Sharma" <ama...@gm...> > > > > To: "SELinux" <se...@ty...> > > > > Sent: Thursday, November 30, 2017 11:26:21 PM > > > > Subject: Re: Fwd: Qwery regarding Selinux Change Id context > > > > > > > > Hi , > > > > > > > > mv /var/lib/selinux/targeted /var/lib/selinux/targeted.old > > > > > > > > This targeted folder is not there. > > > > > > > > After searching I got the below result : > > > > > > > > find / -type d -name "*targeted" -print > > > > > > > > /usr/share/selinux/targeted > > > > /etc/selinux/targeted > > > > > > > > Pleas let me know your comments. > > > > > > > > > > Run > > > > > > mv /etc/selinux/targeted /etc/selinux/targeted.old > > > yum reinstall selinux-policy-targeted > > > > He already tried that and it allegedly didn't help. It also seems to > > leave you without a /etc/selinux/targeted/active/seusers file for some > > reason, such that semanage login -l shows nothing. But you can recover > > by copying /etc/selinux/targeted/seusers to > > /etc/selinux/targeted/active/seusers. That's a bug. > > > > Interesting. Thanks for spotting this. > > > > > > > Also what does this output show > > > > > > ps -aelfZ | grep -i ssh > > > > > > > > > > > On Fri, Dec 1, 2017 at 1:49 AM, Dominick Grift <dac.override@gmail. > > > > com> > > > > wrote: > > > > > > > > > On Thu, Nov 30, 2017 at 11:10:43AM +0530, Aman Sharma wrote: > > > > > > Hi Stephen, > > > > > > > > > > > > After reseting Selinux targeted folder also (the steps you > > > > > > mentioned in > > > > > > > > > > the > > > > > > earlier mail), Still its showing the same Id context i.e. > > > > > > > > > > > > *id* > > > > > > *uid=0(root) gid=0(root) groups=0(root) > > > > > > context=system_u:system_r:unconfined_t:s0-s0:c0.c1023* > > > > > > *[root@cucm2 ~]# id -Z* > > > > > > *system_u:system_r:unconfined_t:s0-s0:c0.c1023* > > > > > > > > > > > > *And semanage login -l is showing blank output. * > > > > > > > > > > > > *Do you have any idea about this.* > > > > > > > > > > > > *Thanks* > > > > > > *Aman* > > > > > > > > > > Try the same procedure again but this time also do before > > > > > reinstalling: > > > > > > > > > > mv /var/lib/selinux/targeted /var/lib/selinux/targeted.old > > > > > > > > > > > > > > > > > > > > > > > On Wed, Nov 29, 2017 at 11:04 PM, Stephen Smalley <sds@tycho.ns > > > > > > a.gov> > > > > > > > > > > wrote: > > > > > > > > > > > > > On Wed, 2017-11-29 at 22:01 +0530, Aman Sharma wrote: > > > > > > > > After resetting boolean also, showing the same id context. > > > > > > > > > > > > > > And did you try fully resetting your policy as I suggested: > > > > > > > mv /etc/selinux/targeted /etc/selinux/targeted.old > > > > > > > yum reinstall selinux-policy-targeted > > > > > > > reboot > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Nov 29, 2017 at 9:50 PM, Stephen Smalley <sds@tycho > > > > > > > > .nsa.gov> > > > > > > > > wrote: > > > > > > > > > On Wed, 2017-11-29 at 21:39 +0530, Aman Sharma wrote: > > > > > > > > > > Hi Stephen, > > > > > > > > > > > > > > > > > > > > After enabling the unconfined module and after reboot > > > > > > > > > > also, Still > > > > > > > > > > showing the same id context. > > > > > > > > > > > > > > > > > > > > Is there any way to make the id context to normal state > > > > > > > > > > again ? > > > > > > > > > > > > > > > > > > Hmmm...try resetting all booleans too? semanage boolean > > > > > > > > > -D > > > > > > > > > > > > > > > > > > Or you could be drastic and completely reset your policy: > > > > > > > > > mv /etc/selinux/targeted /etc/selinux/targeted.old > > > > > > > > > yum reinstall selinux-policy-targeted > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > > > > > Thanks > > > > > > > > Aman > > > > > > > > Cell: +91 9990296404 | Email ID : ama...@gm... > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > Thanks > > > > > > Aman > > > > > > Cell: +91 9990296404 | Email ID : ama...@gm... > > > > > > > > > > -- > > > > > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B > > > > > 6B02 > > > > > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7 > > > > > B6B02 > > > > > Dominick Grift > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > Thanks > > > > Aman > > > > Cell: +91 9990296404 | Email ID : ama...@gm... > > > > > > > > > > > > > > -- > Simon Sekidde > gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E > > > -- Thanks Aman Cell: +91 9990296404 | Email ID : ama...@gm... -- Thanks Aman Cell: +91 9990296404 | Email ID : ama...@gm... |
|
From: Aman S. <ama...@gm...> - 2017-12-04 10:13:41
|
Hi All, I am seeing a number of su core files after a fresh install of Cent OS 7 Machine. In this particular case I have 622 cores files found. The backtrace is given below Reading symbols from /usr/bin/su...Reading symbols from /usr/bin/su...(no debugging symbols found)...done. (no debugging symbols found)...done. [New LWP 15427] [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". Core was generated by `su - informix -c source /usr/local/cm/db/informix/local/ids.env; /usr/local/cm/'. Program terminated with signal 6, Aborted. #0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6 ==================================== backtrace =================================== *#0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6 * *#1 0x00007f74f109b8c8 in abort () from /lib64/libc.so.6 #2 0x00007f74f1093146 in __assert_fail_base () from /lib64/libc.so.6 #3 0x00007f74f10931f2 in __assert_fail () from /lib64/libc.so.6 #4 0x00007f74e9ed46ac in avc_context_to_sid_raw () from /lib64/libselinux.so.1 #5 0x00007f74e9ed46e5 in avc_context_to_sid () from /lib64/libselinux.so.1 #6 0x00007f74e9ed83ad in selinux_check_access () from /lib64/libselinux.so.1 #7 0x00007f74ea0f4d76 in check_for_root () from /lib/security/../../lib64/security/pam_rootok.so #8 0x00007f74f162cf1a in _pam_dispatch () from /lib64/libpam.so.0 #9 0x00007f74f162c7e0 in pam_authenticate () from /lib64/libpam.so.0 #10 0x00007f74f1a5f857 in su_main () #11 0x00007f74f1086b35 in __libc_start_main () from /lib64/libc.so.6 #12 0x00007f74f1a5e890 in _start () ==================================== * >From the Back trace logs , looks like crash is related to Selinux. Can Any body Please help me on this. why its getting crash. -- Thanks Aman Cell: +91 9990296404 | Email ID : ama...@gm... -- Thanks Aman Cell: +91 9990296404 | Email ID : ama...@gm... |
|
From: SourceForge.net <no...@so...> - 2008-08-02 21:01:37
|
Bugs item #2036170, was opened at 2008-08-02 23:01 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=2036170&group_id=21266 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: selinux-doc Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: amreg (amreg) Assigned to: Nobody/Anonymous (nobody) Summary: Truncated FAQ in this site Initial Comment: Hi, The version of the "Unofficial FAQ" available under the "Documentation" tab of this site (URL http://sourceforge.net/docman/display_doc.php?docid=14882&group_id=21266) seems truncated (it ends abruptly after the "How do I switch between enforcement and permissive modes at run time ?" question, that is near the middle of the complete FAQ if I compare with the TOC at the beginning). NB : the original FAQ available on the author's site (www.crypt.gen.nz/selinux/faq.html) seems complete. Best Regards. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=2036170&group_id=21266 |
|
From: SourceForge.net <no...@so...> - 2007-03-02 15:31:11
|
Bugs item #1672486, was opened at 2007-03-02 10:31 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1672486&group_id=21266 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: policycoreutils Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: James Athey (lightstruk) Assigned to: Nobody/Anonymous (nobody) Summary: command line binaries should support --version and --help Initial Comment: As detailed at http://www.gnu.org/prep/standards/html_node/Command_002dLine-Interfaces.html , it's a good idea for command line programs to support the --version and --help command line options. It's easier to find out what version a program is via --version than via rpm -q, where the name of the rpm may not match the name of the program. It should be trivial to add these to both the C and the python programs in policycoreutils. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1672486&group_id=21266 |
|
From: SourceForge.net <no...@so...> - 2006-11-30 14:59:28
|
Bugs item #1606103, was opened at 2006-11-30 09:59 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1606103&group_id=21266 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: libsemanage Group: None Status: Open Resolution: None Priority: 5 Private: No Submitted By: Karl MacMillan (kmacmillan) Assigned to: Karl MacMillan (kmacmillan) Summary: Semanage cannot export changes Initial Comment: Stephen Smalley wrote: > On Wed, 2006-11-29 at 18:41 -0500, Steve Friedman wrote: >> The various GUI tools are nice for getting a policy configured correctly; >> however, to propagate this configuration to a series of like modified >> machines one runs into a speed bump. >> >> The files (e.g., booleans.local) state that the semanage command should be >> used to modify the file; however, via the GUI I am blissfully unaware of >> the actual commands (and would like to remain so). >> >> But, it would seem that it should be perfectly legal to propagate the >> various ".local" files directly. If this is legal, what commands must be >> issued to cause selinux to read the various policy updates? If this isn't >> legal, then what means can be used to propagate the policy? > > I don't think it is "legal" in the sense that those files are the > private state of libsemanage and are only supposed to be manipulated via > the libsemanage interfaces by programs like semodule, semanage and > setsebool. libsemanage will ultimately support other backends beyond > just the current direct access to the local file store, such as access > to local and ultimately remote policy management daemons. > > However, I'm not sure that there is a good mechanism at present to do > what you want in a "legal" way (Joshua or Karl feel free to contradict > me if there is). If you do simply copy them over using your favorite > utility for doing so, you can run semodule -B on the target machine to > force a rebuild and reload of the kernel policy from the updated policy > store there. Not sure if that is exported through any GUI at present. > ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1606103&group_id=21266 |
|
From: SourceForge.net <no...@so...> - 2006-10-21 23:32:04
|
Bugs item #1582034, was opened at 2006-10-22 01:32 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1582034&group_id=21266 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Pierre (pierre42) Assigned to: Nobody/Anonymous (nobody) Summary: Problem compiling libselinux-1.32 Initial Comment: # make make -C src make[1]: Entering directory `/tmp/libselinux-1.32/src' gcc -s -O3 -march=i686 -I../include -I/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -mno-tls-direct-seg-refs -c -o fgetfilecon.o fgetfilecon.c fgetfilecon.c:6:23: sys/xattr.h: No such file or directory make[1]: *** [fgetfilecon.o] Error 1 make[1]: Leaving directory `/tmp/libselinux-1.32/src' make: *** [all] Error 2 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1582034&group_id=21266 |
|
From: SourceForge.net <no...@so...> - 2006-09-11 02:47:16
|
Bugs item #1556068, was opened at 2006-09-11 04:47 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1556068&group_id=21266 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Erich Schubert (erich) Assigned to: Nobody/Anonymous (nobody) Summary: semanage disk full error handling Initial Comment: ... took me a long time and strace() to find out why semodule was failing with different error messages. It would be helpful if errors during write operations (e.g. copying to refpolicy/modules/tmp and linking the policy), error codes would be passed along to the user. Especially if the error is "out of diskspace". ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1556068&group_id=21266 |
|
From: SourceForge.net <no...@so...> - 2006-09-08 02:58:10
|
Bugs item #1554488, was opened at 2006-09-07 21:58 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1554488&group_id=21266 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: libsemanage Group: None Status: Open Resolution: None Priority: 5 Submitted By: Serge Hallyn (serge_hallyn) Assigned to: Nobody/Anonymous (nobody) Summary: semanage user deletions don't delete logins Initial Comment: It appears removing a user with semanage does not also remove it's associated logins. This is a problem because then re-adding the user fails. (I do not have the error handy as my test machines are all down atm) I had done: semanage user -a -R abat_r -P abat abat_u semanage login -a -s abat_u abat semanage user -d abat_u semanage user -a -R abat_r -P abat abat_u the last step failed. When I then did semanage login -d abat semanage user -a -R abat_r -P abat abat_u it succeeded. Not sure whether there is a good reason to leave the code like that, or whether semanage user -r should automatically imply semanage login -r. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1554488&group_id=21266 |
|
From: SourceForge.net <no...@so...> - 2006-09-05 18:50:45
|
Bugs item #1552902, was opened at 2006-09-05 13:50 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1552902&group_id=21266 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: policycoreutils Group: None Status: Open Resolution: None Priority: 5 Submitted By: Karl MacMillan (kmacmillan) Assigned to: Karl MacMillan (kmacmillan) Summary: Semanage security Initial Comment: Semanage needs a C wrapper to prevent race conditions and environment tampering. See http://marc.theaimsgroup.com/?l=selinux&m=115697792912765&w=2 for more information. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1552902&group_id=21266 |
|
From: SourceForge.net <no...@so...> - 2006-09-01 14:22:49
|
Bugs item #1550565, was opened at 2006-09-01 10:22 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1550565&group_id=21266 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: miscellaneous Group: None Status: Open Resolution: None Priority: 5 Submitted By: Stephen Smalley (ssmalley) Assigned to: Joshua Brindle (madmethod) Summary: A bug Initial Comment: This is a bug. Enjoy. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1550565&group_id=21266 |
