Re: Qwery regarding Selinux Change Id context

2017-11-23 Thread Aman Sharma 
Hi Ravi,

Thanks for your reply but SSH and Sysadm_login is already enabled.

Actually I need to change the root context  from*System_u:system_r:unconfined_t
to sysadm_u:sysadm_r or **unconfined_u:**unconfined_r**.*

*I found one command (**runcon
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /bin/bash**) but that
command will not work after reboot . Is there any parmanent solution for
this.*

On Fri, Nov 24, 2017 at 12:22 PM, Ravi Kumar  wrote:

> Based on the config  each type of login ( ssh ,shell  ) will have it own
> role .  if this is just for testing you can try setting the  bool value  if
> you are logging via ssh.
>
> setsebool -P ssh_sysadm_login 1
>
>
>
> Regards,
> Ravi
>
> On Fri, Nov 24, 2017 at 10:47 AM, Aman Sharma 
> wrote:
>
>>
>>
>> Hi All,
>>
>> Currently Working on Cent OS 7.3 and login as a root User and my Id
>> command output is :
>>
>> *id*
>> *uid=0(root) gid=0(root) groups=0(root)
>> context=system_u:system_r:unconfined_t:s0-s0:c0.c1023*
>>
>> I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r
>> or **unconfined_u:**unconfined_r**. *
>>
>> *Also showing the output of following command :*
>>
>> *semanage user -l*
>>
>> *Labeling   MLS/   MLS/  *
>> *SELinux UserPrefix MCS Level  MCS Range
>> SELinux Roles*
>>
>> *admin_u user   s0 s0-s0:c0.c1023
>>  sysadm_r system_r*
>> *guest_u user   s0 s0
>>  guest_r*
>> *rootuser   s0 s0-s0:c0.c1023
>>  staff_r sysadm_r*
>> *specialuser_u   user   s0 s0
>>  sysadm_r system_r*
>> *staff_u user   s0 s0-s0:c0.c1023
>>  staff_r sysadm_r system_r*
>> *sysadm_uuser   s0 s0-s0:c0.c1023
>>  sysadm_r*
>> *system_uuser   s0 s0-s0:c0.c1023
>>  system_r*
>> *unconfined_uuser   s0 s0-s0:c0.c1023
>>  system_r unconfined_r*
>> *user_u  user   s0 s0
>>  user_r*
>> *xguest_uuser   s0 s0
>>  xguest_r*
>>
>>
>> * semanage login -l*
>>
>> *Login Name   SELinux User MLS/MCS RangeService*
>>
>> *__default__  sysadm_u s0-s0:c0.c1023   **
>> *ccmservice   specialuser_us0   **
>> *cucm admin_u  s0-s0:c0.c1023   **
>> *drfkeys  specialuser_us0   **
>> *drfuser  specialuser_us0   **
>> *informix specialuser_us0   **
>> *pwrecovery   specialuser_us0   **
>> *root sysadm_u s0-s0:c0.c1023   **
>> *sftpuser specialuser_us0   **
>> *system_u sysadm_u s0-s0:c0.c1023   **
>>
>>
>> *Can anybody Please help me.*
>>
>> --
>>
>> Thanks
>> Aman
>> Cell: +91 9990296404 |  Email ID : amansh.shar...@gmail.com
>>
>>
>


-- 

Thanks
Aman
Cell: +91 9990296404 |  Email ID : amansh.shar...@gmail.com

Re: Qwery regarding Selinux Change Id context

2017-11-23 Thread Ravi Kumar 
Based on the config  each type of login ( ssh ,shell  ) will have it own
role .  if this is just for testing you can try setting the  bool value  if
you are logging via ssh.

setsebool -P ssh_sysadm_login 1



Regards,
Ravi

On Fri, Nov 24, 2017 at 10:47 AM, Aman Sharma 
wrote:

>
>
> Hi All,
>
> Currently Working on Cent OS 7.3 and login as a root User and my Id
> command output is :
>
> *id*
> *uid=0(root) gid=0(root) groups=0(root)
> context=system_u:system_r:unconfined_t:s0-s0:c0.c1023*
>
> I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r or *
> *unconfined_u:**unconfined_r**. *
>
> *Also showing the output of following command :*
>
> *semanage user -l*
>
> *Labeling   MLS/   MLS/  *
> *SELinux UserPrefix MCS Level  MCS Range
> SELinux Roles*
>
> *admin_u user   s0 s0-s0:c0.c1023
>  sysadm_r system_r*
> *guest_u user   s0 s0
>  guest_r*
> *rootuser   s0 s0-s0:c0.c1023
>  staff_r sysadm_r*
> *specialuser_u   user   s0 s0
>  sysadm_r system_r*
> *staff_u user   s0 s0-s0:c0.c1023
>  staff_r sysadm_r system_r*
> *sysadm_uuser   s0 s0-s0:c0.c1023
>  sysadm_r*
> *system_uuser   s0 s0-s0:c0.c1023
>  system_r*
> *unconfined_uuser   s0 s0-s0:c0.c1023
>  system_r unconfined_r*
> *user_u  user   s0 s0
>  user_r*
> *xguest_uuser   s0 s0
>  xguest_r*
>
>
> * semanage login -l*
>
> *Login Name   SELinux User MLS/MCS RangeService*
>
> *__default__  sysadm_u s0-s0:c0.c1023   **
> *ccmservice   specialuser_us0   **
> *cucm admin_u  s0-s0:c0.c1023   **
> *drfkeys  specialuser_us0   **
> *drfuser  specialuser_us0   **
> *informix specialuser_us0   **
> *pwrecovery   specialuser_us0   **
> *root sysadm_u s0-s0:c0.c1023   **
> *sftpuser specialuser_us0   **
> *system_u sysadm_u s0-s0:c0.c1023   **
>
>
> *Can anybody Please help me.*
>
> --
>
> Thanks
> Aman
> Cell: +91 9990296404 |  Email ID : amansh.shar...@gmail.com
>
>

Fwd: Qwery regarding Selinux Change Id context

2017-11-23 Thread Aman Sharma 
Hi All,

Currently Working on Cent OS 7.3 and login as a root User and my Id command
output is :

*id*
*uid=0(root) gid=0(root) groups=0(root)
context=system_u:system_r:unconfined_t:s0-s0:c0.c1023*

I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r or *
*unconfined_u:**unconfined_r**. *

*Also showing the output of following command :*

*semanage user -l*

*Labeling   MLS/   MLS/  *
*SELinux UserPrefix MCS Level  MCS Range
SELinux Roles*

*admin_u user   s0 s0-s0:c0.c1023
 sysadm_r system_r*
*guest_u user   s0 s0
 guest_r*
*rootuser   s0 s0-s0:c0.c1023
 staff_r sysadm_r*
*specialuser_u   user   s0 s0
 sysadm_r system_r*
*staff_u user   s0 s0-s0:c0.c1023
 staff_r sysadm_r system_r*
*sysadm_uuser   s0 s0-s0:c0.c1023
 sysadm_r*
*system_uuser   s0 s0-s0:c0.c1023
 system_r*
*unconfined_uuser   s0 s0-s0:c0.c1023
 system_r unconfined_r*
*user_u  user   s0 s0
 user_r*
*xguest_uuser   s0 s0
 xguest_r*


* semanage login -l*

*Login Name   SELinux User MLS/MCS RangeService*

*__default__  sysadm_u s0-s0:c0.c1023   **
*ccmservice   specialuser_us0   **
*cucm admin_u  s0-s0:c0.c1023   **
*drfkeys  specialuser_us0   **
*drfuser  specialuser_us0   **
*informix specialuser_us0   **
*pwrecovery   specialuser_us0   **
*root sysadm_u s0-s0:c0.c1023   **
*sftpuser specialuser_us0   **
*system_u sysadm_u s0-s0:c0.c1023   **


*Can anybody Please help me.*

-- 

Thanks
Aman
Cell: +91 9990296404 |  Email ID : amansh.shar...@gmail.com