MLS Enforcing Problem

MLS Enforcing Problem

[Kashif ali]

[-- Attachment #1: Type: text/plain, Size: 256 bytes --]

Hi
* I'm facing an issue which is as follow
  When Selinux is in enforcing mode and Policy type is Mls after relabeling
of whole system it doesn't Allow me to login it gives me error login
incorrect did i missing something? or it is something else.
Thanks

[-- Attachment #2: Type: text/html, Size: 298 bytes --]

Re: MLS Enforcing Problem

[ileyd]

Hi,

Could you give more detail?  What operating system are you running, what error message exactly are you getting, etc.

This sounds vaguely like an issue that seems to be present on EL7 and later, and all remotely recent fedora versions.  

The issue seems to be caused by /etc being labelled as SystemHigh instead of SystemLow, despite the policy.  If you start the system in permissive mode, relabel it manually, and then put in in enforcing mode, you're able to login, etc.  I'm not sure what causes it or how to fix it.

Kind Regards,
ileyd

> On 26 Aug 2016, at 7:44 PM, Kashif ali <kashif.ali.9498@gmail.com> wrote:
> 
> Hi
> * I'm facing an issue which is as follow 
>   When Selinux is in enforcing mode and Policy type is Mls after relabeling of whole system it doesn't Allow me to login it gives me error login incorrect did i missing something? or it is something else.
> Thanks
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.

Re: MLS Enforcing Problem

[Kashif ali]

[-- Attachment #1: Type: text/plain, Size: 1363 bytes --]

i'm using centos 6.5 and there is no error after putting selinux in
enforced machine won't allow me to login

On Fri, Aug 26, 2016 at 9:48 PM, ileyd <ileyd@icloud.com> wrote:

> Hi,
>
> Could you give more detail?  What operating system are you running, what
> error message exactly are you getting, etc.
>
> This sounds vaguely like an issue that seems to be present on EL7 and
> later, and all remotely recent fedora versions.
>
> The issue seems to be caused by /etc being labelled as SystemHigh instead
> of SystemLow, despite the policy.  If you start the system in permissive
> mode, relabel it manually, and then put in in enforcing mode, you're able
> to login, etc.  I'm not sure what causes it or how to fix it.
>
> Kind Regards,
> ileyd
>
> > On 26 Aug 2016, at 7:44 PM, Kashif ali <kashif.ali.9498@gmail.com>
> wrote:
> >
> > Hi
> > * I'm facing an issue which is as follow
> >   When Selinux is in enforcing mode and Policy type is Mls after
> relabeling of whole system it doesn't Allow me to login it gives me error
> login incorrect did i missing something? or it is something else.
> > Thanks
> > _______________________________________________
> > Selinux mailing list
> > Selinux@tycho.nsa.gov
> > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> > To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
>

[-- Attachment #2: Type: text/html, Size: 2013 bytes --]

Re: MLS Enforcing Problem

[Simon Sekidde]

----- Original Message -----
> From: "Kashif ali" <kashif.ali.9498@gmail.com>
> To: "ileyd" <ileyd@icloud.com>
> Cc: "SELinux" <selinux@tycho.nsa.gov>
> Sent: Friday, August 26, 2016 12:55:56 PM
> Subject: Re: MLS Enforcing Problem
> 
> i'm using centos 6.5 and there is no error after putting selinux in enforced
> machine won't allow me to login
> 

How are you trying to login? Is this through ssh? 
If so please make sure you have the 'ssh_sysadm_login' boolean enabled. 

> On Fri, Aug 26, 2016 at 9:48 PM, ileyd < ileyd@icloud.com > wrote:
> 
> 
> Hi,
> 
> Could you give more detail? What operating system are you running, what error
> message exactly are you getting, etc.
> 
> This sounds vaguely like an issue that seems to be present on EL7 and later,
> and all remotely recent fedora versions.
> 
> The issue seems to be caused by /etc being labelled as SystemHigh instead of
> SystemLow, despite the policy. If you start the system in permissive mode,
> relabel it manually, and then put in in enforcing mode, you're able to
> login, etc. I'm not sure what causes it or how to fix it.
> 
> Kind Regards,
> ileyd
> 
> > On 26 Aug 2016, at 7:44 PM, Kashif ali < kashif.ali.9498@gmail.com > wrote:
> > 
> > Hi
> > * I'm facing an issue which is as follow
> > When Selinux is in enforcing mode and Policy type is Mls after relabeling
> > of whole system it doesn't Allow me to login it gives me error login
> > incorrect did i missing something? or it is something else.
> > Thanks
> > _______________________________________________
> > Selinux mailing list
> > Selinux@tycho.nsa.gov
> > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov .
> > To get help, send an email containing "help" to
> > Selinux-request@tycho.nsa.gov .
> 
> 
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.

-- 
Simon Sekidde * Red Hat, Inc. * Westford, MA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E 

Re: MLS Enforcing Problem

[Kashif ali]

[-- Attachment #1: Type: text/plain, Size: 2245 bytes --]

No i am not login through ssh, i am try to  directly login on machine and
it gives error

On 30 Aug 2016 5:24 pm, "Simon Sekidde" <ssekidde@redhat.com> wrote:



----- Original Message -----
> From: "Kashif ali" <kashif.ali.9498@gmail.com>
> To: "ileyd" <ileyd@icloud.com>
> Cc: "SELinux" <selinux@tycho.nsa.gov>
> Sent: Friday, August 26, 2016 12:55:56 PM
> Subject: Re: MLS Enforcing Problem
>
> i'm using centos 6.5 and there is no error after putting selinux in
enforced
> machine won't allow me to login
>

How are you trying to login? Is this through ssh?
If so please make sure you have the 'ssh_sysadm_login' boolean enabled.

> On Fri, Aug 26, 2016 at 9:48 PM, ileyd < ileyd@icloud.com > wrote:
>
>
> Hi,
>
> Could you give more detail? What operating system are you running, what
error
> message exactly are you getting, etc.
>
> This sounds vaguely like an issue that seems to be present on EL7 and
later,
> and all remotely recent fedora versions.
>
> The issue seems to be caused by /etc being labelled as SystemHigh instead
of
> SystemLow, despite the policy. If you start the system in permissive mode,
> relabel it manually, and then put in in enforcing mode, you're able to
> login, etc. I'm not sure what causes it or how to fix it.
>
> Kind Regards,
> ileyd
>
> > On 26 Aug 2016, at 7:44 PM, Kashif ali < kashif.ali.9498@gmail.com >
wrote:
> >
> > Hi
> > * I'm facing an issue which is as follow
> > When Selinux is in enforcing mode and Policy type is Mls after
relabeling
> > of whole system it doesn't Allow me to login it gives me error login
> > incorrect did i missing something? or it is something else.
> > Thanks
> > _______________________________________________
> > Selinux mailing list
> > Selinux@tycho.nsa.gov
> > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov .
> > To get help, send an email containing "help" to
> > Selinux-request@tycho.nsa.gov .
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.

--
Simon Sekidde * Red Hat, Inc. * Westford, MA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E

[-- Attachment #2: Type: text/html, Size: 3738 bytes --]