Re: Qwery regarding Selinux Change Id context
Hi Ravi, Thanks for your reply but SSH and Sysadm_login is already enabled. Actually I need to change the root context from*System_u:system_r:unconfined_t to sysadm_u:sysadm_r or **unconfined_u:**unconfined_r**.* *I found one command (**runcon unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /bin/bash**) but that command will not work after reboot . Is there any parmanent solution for this.* On Fri, Nov 24, 2017 at 12:22 PM, Ravi Kumarwrote: > Based on the config each type of login ( ssh ,shell ) will have it own > role . if this is just for testing you can try setting the bool value if > you are logging via ssh. > > setsebool -P ssh_sysadm_login 1 > > > > Regards, > Ravi > > On Fri, Nov 24, 2017 at 10:47 AM, Aman Sharma > wrote: > >> >> >> Hi All, >> >> Currently Working on Cent OS 7.3 and login as a root User and my Id >> command output is : >> >> *id* >> *uid=0(root) gid=0(root) groups=0(root) >> context=system_u:system_r:unconfined_t:s0-s0:c0.c1023* >> >> I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r >> or **unconfined_u:**unconfined_r**. * >> >> *Also showing the output of following command :* >> >> *semanage user -l* >> >> *Labeling MLS/ MLS/ * >> *SELinux UserPrefix MCS Level MCS Range >> SELinux Roles* >> >> *admin_u user s0 s0-s0:c0.c1023 >> sysadm_r system_r* >> *guest_u user s0 s0 >> guest_r* >> *rootuser s0 s0-s0:c0.c1023 >> staff_r sysadm_r* >> *specialuser_u user s0 s0 >> sysadm_r system_r* >> *staff_u user s0 s0-s0:c0.c1023 >> staff_r sysadm_r system_r* >> *sysadm_uuser s0 s0-s0:c0.c1023 >> sysadm_r* >> *system_uuser s0 s0-s0:c0.c1023 >> system_r* >> *unconfined_uuser s0 s0-s0:c0.c1023 >> system_r unconfined_r* >> *user_u user s0 s0 >> user_r* >> *xguest_uuser s0 s0 >> xguest_r* >> >> >> * semanage login -l* >> >> *Login Name SELinux User MLS/MCS RangeService* >> >> *__default__ sysadm_u s0-s0:c0.c1023 ** >> *ccmservice specialuser_us0 ** >> *cucm admin_u s0-s0:c0.c1023 ** >> *drfkeys specialuser_us0 ** >> *drfuser specialuser_us0 ** >> *informix specialuser_us0 ** >> *pwrecovery specialuser_us0 ** >> *root sysadm_u s0-s0:c0.c1023 ** >> *sftpuser specialuser_us0 ** >> *system_u sysadm_u s0-s0:c0.c1023 ** >> >> >> *Can anybody Please help me.* >> >> -- >> >> Thanks >> Aman >> Cell: +91 9990296404 | Email ID : amansh.shar...@gmail.com >> >> > -- Thanks Aman Cell: +91 9990296404 | Email ID : amansh.shar...@gmail.com
Re: Qwery regarding Selinux Change Id context
Based on the config each type of login ( ssh ,shell ) will have it own role . if this is just for testing you can try setting the bool value if you are logging via ssh. setsebool -P ssh_sysadm_login 1 Regards, Ravi On Fri, Nov 24, 2017 at 10:47 AM, Aman Sharmawrote: > > > Hi All, > > Currently Working on Cent OS 7.3 and login as a root User and my Id > command output is : > > *id* > *uid=0(root) gid=0(root) groups=0(root) > context=system_u:system_r:unconfined_t:s0-s0:c0.c1023* > > I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r or * > *unconfined_u:**unconfined_r**. * > > *Also showing the output of following command :* > > *semanage user -l* > > *Labeling MLS/ MLS/ * > *SELinux UserPrefix MCS Level MCS Range > SELinux Roles* > > *admin_u user s0 s0-s0:c0.c1023 > sysadm_r system_r* > *guest_u user s0 s0 > guest_r* > *rootuser s0 s0-s0:c0.c1023 > staff_r sysadm_r* > *specialuser_u user s0 s0 > sysadm_r system_r* > *staff_u user s0 s0-s0:c0.c1023 > staff_r sysadm_r system_r* > *sysadm_uuser s0 s0-s0:c0.c1023 > sysadm_r* > *system_uuser s0 s0-s0:c0.c1023 > system_r* > *unconfined_uuser s0 s0-s0:c0.c1023 > system_r unconfined_r* > *user_u user s0 s0 > user_r* > *xguest_uuser s0 s0 > xguest_r* > > > * semanage login -l* > > *Login Name SELinux User MLS/MCS RangeService* > > *__default__ sysadm_u s0-s0:c0.c1023 ** > *ccmservice specialuser_us0 ** > *cucm admin_u s0-s0:c0.c1023 ** > *drfkeys specialuser_us0 ** > *drfuser specialuser_us0 ** > *informix specialuser_us0 ** > *pwrecovery specialuser_us0 ** > *root sysadm_u s0-s0:c0.c1023 ** > *sftpuser specialuser_us0 ** > *system_u sysadm_u s0-s0:c0.c1023 ** > > > *Can anybody Please help me.* > > -- > > Thanks > Aman > Cell: +91 9990296404 | Email ID : amansh.shar...@gmail.com > >
Fwd: Qwery regarding Selinux Change Id context
Hi All, Currently Working on Cent OS 7.3 and login as a root User and my Id command output is : *id* *uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:unconfined_t:s0-s0:c0.c1023* I want to change *System_u:system_r:unconfined_t to sysadm_u:sysadm_r or * *unconfined_u:**unconfined_r**. * *Also showing the output of following command :* *semanage user -l* *Labeling MLS/ MLS/ * *SELinux UserPrefix MCS Level MCS Range SELinux Roles* *admin_u user s0 s0-s0:c0.c1023 sysadm_r system_r* *guest_u user s0 s0 guest_r* *rootuser s0 s0-s0:c0.c1023 staff_r sysadm_r* *specialuser_u user s0 s0 sysadm_r system_r* *staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r* *sysadm_uuser s0 s0-s0:c0.c1023 sysadm_r* *system_uuser s0 s0-s0:c0.c1023 system_r* *unconfined_uuser s0 s0-s0:c0.c1023 system_r unconfined_r* *user_u user s0 s0 user_r* *xguest_uuser s0 s0 xguest_r* * semanage login -l* *Login Name SELinux User MLS/MCS RangeService* *__default__ sysadm_u s0-s0:c0.c1023 ** *ccmservice specialuser_us0 ** *cucm admin_u s0-s0:c0.c1023 ** *drfkeys specialuser_us0 ** *drfuser specialuser_us0 ** *informix specialuser_us0 ** *pwrecovery specialuser_us0 ** *root sysadm_u s0-s0:c0.c1023 ** *sftpuser specialuser_us0 ** *system_u sysadm_u s0-s0:c0.c1023 ** *Can anybody Please help me.* -- Thanks Aman Cell: +91 9990296404 | Email ID : amansh.shar...@gmail.com