From: Daniel J Walsh <dwalsh@redhat.com>
To: "Lisa R." <lraykow@cox.net>
Cc: selinux@tycho.nsa.gov
Subject: Re: Login Identities not applied when logging in...
Date: Sun, 30 Mar 2008 08:02:42 +0200
Message-ID: <47EF2D02.6070708@redhat.com>
In-Reply-To: <20080329145240.CDLBH.81847.imail@fed1rmwml42>
Lisa R. wrote:
> Hello again.
>
> I realized that I need to run a restorecon after I semanage fcontext so that resolved my labeling issue.
>
> However, I still have a problem with my logins. They aren't being applied when I login.
>
> When I semanage user -l as root I see my custom "selinux user" associated with the custom label.
>
> When I semanage login -l as root I see my custom "selinux user" associated with the "login name" that I created with adduser.
>
> However, when I login and run id -Z as my new user I see the default security context set when I created the user under root.
>
> All I am trying to do is apply a new login to one of my users but it won't take.
>
> I tried a reboot...
>
> Did I break something or do I need to apply something?
>
> This worked the other day without a problem (likely story but it did).
>
If you want to change the default context that the root user logs in
with, you will need to edit /etc/selinux/*/contexts/users/root
> Thanks,
> Lisa
> j
>
> ---- "Lisa R." <lraykow@cox.net> wrote:
>> Hello.
>>
>> I am on a Debian Etch box with SELinux in permissive mode. I am using the Strict policy.
>>
>> Of course I have no problem adding a user with something like:
>> useradd -c "SE Linux test user 1" -m -d /home/setest_1 -g users -s /bin/bash -u 1005 setest_1
>>
>> I then create a new SElinux user group:
>> semanage user -a -R 'user_r' -P selinuxtest selinuxtest_u
>>
>> Finally I create the login for setest_1:
>> semanage login -a -s selinuxtest_u setest_1
>>
>> ***I am doing this for example purposes***
>>
>> The other day this all worked great. I verified by logging in as setest_1 and ensuring the security context showed selinuxtest_u.
>>
>> However, later I created a very small policy module and added a new type mysetype_t.
>>
>> I created the .pp file with make -c Makefile
>> I installed the .pp file with semodule -i mymodule.pp
>>
>> I applied that type to everything under the /lisa directory with:
>> semanage fcontext -a -t mysetype_t "/lisa(/.*)?"
>>
>> I verified the type was applied with ls -Z.
>>
>> So no problems yet...
>>
>> Today when I login as setest_1 the security context is that of what it defaults to when root creates the user. The login I applied the other day is gone.
>>
>> HOWEVER, if I do a semanage user -l and semanage login -l everything looks as it should. I see that the login for setest_1 is selinuxtest_u.
>>
>> I tried to semanage fcontext -a -t mysetype_t "/somedirectory(/.*)?"
>> and that didn't work either.
>>
>> HOWEVER, I did a restorecon on each individual file and that seemed to work.
>>
>> What is going on or how do I "restorecon" my logins so I can see any new logins I applied?
>>
>> Thanks,
>> Lisa
>>
>>
>>
>>
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>> the words "unsubscribe selinux" without quotes as the message.
>
>
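Added example, not part of the original message or of any project's code: the two lookups this thread touches, the login-to-SELinux-user mapping in an seusers-format file (the data `semanage login -l` lists) and the per-user contexts file named in the reply. The function names, the temporary directory and every entry are constructed; the precedence used (login entry, then `%group`, then `__default__`) is assumed to follow the libselinux lookup order.

```shell
# Added example: resolve a login through an seusers-format file (constructed data).

# seuser_for_login FILE LOGIN [GROUP...] -> prints "seuser [range]".
# Precedence: exact login entry, first matching %group entry, __default__.
seuser_for_login() {
    file=$1; login=$2; shift 2
    awk -F: -v login="$login" -v groups=" $* " '
        # Field 2 is the SELinux user; the range is everything after it
        # (an MLS range may itself contain ":").
        function entry(   r) {
            r = $0; sub(/^[^:]*:[^:]*:?/, "", r)
            return (r == "") ? $2 : $2 " " r
        }
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        $1 == login { user = entry(); next }
        $1 ~ /^%/ && grp == "" && index(groups, " " substr($1, 2) " ") {
            grp = entry(); next
        }
        $1 == "__default__" { def = entry() }
        END {
            if (user != "") print user
            else if (grp != "") print grp
            else if (def != "") print def
            else exit 1
        }' "$file"
}

# context_source POLICYROOT SEUSER -> the per-user contexts file if it exists,
# otherwise the policy-wide default_contexts.
context_source() {
    f="$1/contexts/users/$2"
    [ -f "$f" ] || f="$1/contexts/default_contexts"
    echo "$f"
}

# Constructed stand-in for /etc/selinux/<policy>; all entries are sample data.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/contexts/users"
: > "$demo_root/contexts/users/root"
cat > "$demo_root/seusers" <<'EOF'
# constructed sample
root:root
%staff:staff_u:s0-s0:c0.c1023
setest_1:selinuxtest_u
__default__:user_u
EOF
for l in root setest_1 nobody_mapped; do
    u=$(seuser_for_login "$demo_root/seusers" "$l")
    echo "$l -> $u -> $(context_source "$demo_root" "${u%% *}")"
done
```

On a real system the same functions can be pointed at the active policy directory, and the resolved SELinux user compared with what `id -Z` reports after login.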