[refpolicy] after update with selinux userspace, and refpolicy cant login as my username and specified context.

[refpolicy] after update with selinux userspace, and refpolicy cant login as my username and specified context.

[Justin Mattock]

just pulled userspace tools update, and
refpolicy. seems I'm might be missing something
new.

id -Z shows
user_u:user_r:user_t

is there a boolean that I'm missing?
(BTW I have namespace.so enabled)

-- 
Justin P. Mattock

[refpolicy] after update with selinux userspace, and refpolicy cant login as my username and specified context.

[Justin P. Mattock]

Justin Mattock wrote:
> just pulled userspace tools update, and
> refpolicy. seems I'm might be missing something
> new.
>
> id -Z shows
> user_u:user_r:user_t
>
> is there a boolean that I'm missing?
> (BTW I have namespace.so enabled)
>
>    
So after getting some rest, and coming back to this
problem opening up gitk the first commit showing itself
seemed to be the problem somehow/someway:

Author: Chris PeBenito<cpebenito@tresys.com>   2009-10-23 08:20:07
Committer: Chris PeBenito<cpebenito@tresys.com>   2009-10-23 08:20:07
Parent: a1a45de06e41c529ad521058e438e20b5907cd45 (reorganize a92ee50)
Branches: master, remotes/origin/master
Follows: RELEASE_2_20090730
Precedes:

     Install the seusers file for monolithic policy.

when this commit is in the policy I get after logging in:
user_u:user_r:user_t
reverting this patch gives me
name:role_r:role_t

Wondering if Im doing something wrong with my build of
policy/users

gen_user(name, system_u, sysadm_r staff_r user_r, s0, s0 - mls_systemhigh, mcs_allcats)

Justin P. Mattock

[refpolicy] after update with selinux userspace, and refpolicy cant login as my username and specified context.

[Christopher J. PeBenito]

On Sun, 2009-10-25 at 19:17 +0000, Justin P. Mattock wrote:
> Justin Mattock wrote:
> > just pulled userspace tools update, and
> > refpolicy. seems I'm might be missing something
> > new.
> >
> > id -Z shows
> > user_u:user_r:user_t
> >
> > is there a boolean that I'm missing?
> > (BTW I have namespace.so enabled)
> >
> >    
> So after getting some rest, and coming back to this
> problem opening up gitk the first commit showing itself
> seemed to be the problem somehow/someway:
> 
> Author: Chris PeBenito<cpebenito@tresys.com>   2009-10-23 08:20:07
> Committer: Chris PeBenito<cpebenito@tresys.com>   2009-10-23 08:20:07
> Parent: a1a45de06e41c529ad521058e438e20b5907cd45 (reorganize a92ee50)
> Branches: master, remotes/origin/master
> Follows: RELEASE_2_20090730
> Precedes:
> 
>      Install the seusers file for monolithic policy.
> 
> when this commit is in the policy I get after logging in:
> user_u:user_r:user_t
> reverting this patch gives me
> name:role_r:role_t
> 
> Wondering if Im doing something wrong with my build of
> policy/users
> 
> gen_user(name, system_u, sysadm_r staff_r user_r, s0, s0 - mls_systemhigh, mcs_allcats)

You need to add name:role to the seusers file, otherwise you get the
__default__ seuser (user_u).  If the seusers file is missing, it falls
back to trying linuxuser as the seuser, then falls back to user_u.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

[refpolicy] after update with selinux userspace, and refpolicy cant login as my username and specified context.

[Justin P. Mattock]

Christopher J. PeBenito wrote:
> On Sun, 2009-10-25 at 19:17 +0000, Justin P. Mattock wrote:
>    
>> Justin Mattock wrote:
>>      
>>> just pulled userspace tools update, and
>>> refpolicy. seems I'm might be missing something
>>> new.
>>>
>>> id -Z shows
>>> user_u:user_r:user_t
>>>
>>> is there a boolean that I'm missing?
>>> (BTW I have namespace.so enabled)
>>>
>>>
>>>        
>> So after getting some rest, and coming back to this
>> problem opening up gitk the first commit showing itself
>> seemed to be the problem somehow/someway:
>>
>> Author: Chris PeBenito<cpebenito@tresys.com>    2009-10-23 08:20:07
>> Committer: Chris PeBenito<cpebenito@tresys.com>    2009-10-23 08:20:07
>> Parent: a1a45de06e41c529ad521058e438e20b5907cd45 (reorganize a92ee50)
>> Branches: master, remotes/origin/master
>> Follows: RELEASE_2_20090730
>> Precedes:
>>
>>       Install the seusers file for monolithic policy.
>>
>> when this commit is in the policy I get after logging in:
>> user_u:user_r:user_t
>> reverting this patch gives me
>> name:role_r:role_t
>>
>> Wondering if Im doing something wrong with my build of
>> policy/users
>>
>> gen_user(name, system_u, sysadm_r staff_r user_r, s0, s0 - mls_systemhigh, mcs_allcats)
>>      
>
> You need to add name:role to the seusers file, otherwise you get the
> __default__ seuser (user_u).  If the seusers file is missing, it falls
> back to trying linuxuser as the seuser, then falls back to user_u.
>
>    
Alright cool.

Justin P. Mattock