Hi Stephen,

Below is my login PAM file:

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       substack     system-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so restore should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so restore
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    include      postlogin
-session   optional     pam_ck_connector.so

Can you please check if this is fine?

On Mon, Dec 4, 2017 at 9:31 PM, Aman Sharma <[email protected]> wrote:

> Hi Stephen,
>
> I got the below logs from the file. Can you please check if these logs are
> fine or not:
>
> journalctl | grep selinux
> Dec 05 02:55:46 localhost.localdomain kernel: EVM: security.selinux
> Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain type=USER_START msg=audit(1512402970.129:107): pid=7145 uid=0 auid=0 ses=2 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209 addr=10.97.7.209 terminal=ssh res=success'
> Dec 04 21:26:10 cucm audispd[569]: node=localhost.localdomain type=USER_START msg=audit(1512402970.131:108): pid=7568 uid=0 auid=0 ses=3 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="root" exe="/usr/sbin/sshd" hostname=10.97.7.209 addr=10.97.7.209 terminal=ssh res=success'
>
> Please let me know if any comments are there.
>
> On Mon, Dec 4, 2017 at 9:10 PM, Stephen Smalley <[email protected]> wrote:
>
>> On Sat, 2017-12-02 at 09:29 +0530, Aman Sharma wrote:
>> > Hi All,
>> >
>> > Thanks for the information.
>> >
>> > But after resetting the semanage User/login, and moving the targeted
>> > folder to old one and then install the default target, then also it's
>> > still showing the
>> > Id context as context=system_u:system_r:unconfined_t:s0-s0:c0.c1023.
>> >
>> > What I observed is after changing the permission using semanage
>> > command also, it's still showing the system_u:system_r.
>> >
>> > Check the semanage login/User output:
>> >
>> > semanage login -l
>> >
>> > Login Name    SELinux User    MLS/MCS Range     Service
>> >
>> > __default__   unconfined_u    s0-s0:c0.c1023    *
>> > root          unconfined_u    s0-s0:c0.c1023    *
>> > system_u      system_u        s0-s0:c0.c1023    *
>> >
>> >
>> > semanage user -l
>> >
>> >                Labeling   MLS/        MLS/
>> > SELinux User   Prefix     MCS Level   MCS Range         SELinux Roles
>> >
>> > guest_u        user       s0          s0                guest_r
>> > root           user       s0          s0-s0:c0.c1023    staff_r sysadm_r system_r unconfined_r
>> > staff_u        user       s0          s0-s0:c0.c1023    staff_r sysadm_r system_r unconfined_r
>> > sysadm_u       user       s0          s0-s0:c0.c1023    sysadm_r
>> > system_u       user       s0          s0-s0:c0.c1023    system_r unconfined_r
>> > unconfined_u   user       s0          s0-s0:c0.c1023    system_r unconfined_r
>> > user_u         user       s0          s0                user_r
>> > xguest_u       user       s0          s0                xguest_r
>> >
>> >
>> > Looks like it's related to some other issue. What do you think about
>> > this?
>>
>> Do you have any relevant error messages in /var/log/secure or
>> journalctl -rb? Look for anything that refers to selinux or context.
>>
>> I'm guessing that pam_selinux is unable to determine a valid context
>> for your login for some reason, and this is causing it to fall back to
>> this one. Or something like that.
>>
>> You could try to emulate this process via selinuxdefcon, although I'm
>> not sure how closely it matches pam_selinux anymore. Sample usage:
>>
>> 1. See what context sshd is running in.
>>
>> ps -eZ | grep sshd
>>
>> It should be:
>> system_u:system_r:sshd_t:s0-s0:c0.c1023
>>
>> 2. Run selinuxdefcon to compute the default context for root when
>> logging in from sshd:
>>
>> # Second argument should be whatever was shown by ps -eZ | grep sshd above.
>> selinuxdefcon root system_u:system_r:sshd_t:s0-s0:c0.c1023
>>
>> It should be:
>> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
>>
>
> --
>
> Thanks
> Aman
> Cell: +91 9990296404 | Email ID : [email protected]
>

--
Thanks
Aman
Cell: +91 9990296404 | Email ID : [email protected]
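
Added example, not part of the original thread: a shell script for the comparison described above, which checks the session context from id -Z against the selinuxdefcon result and the semanage login mapping. The helper names (ctx_user, sshd_context, mapped_user, diagnose) and the --live switch are assumptions made for this example; the contexts in the default run are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: compare a login session's SELinux context with what policy
# says it should be. The parsing helpers read saved command output on stdin.

# First field of a context (user:role:type:range) is the SELinux user.
ctx_user() { printf '%s\n' "$1" | cut -d: -f1; }

# Context of the first sshd process in `ps -eZ` output (stdin).
sshd_context() { awk '$NF == "sshd" { print $1; exit }'; }

# SELinux user mapped to login $1 in `semanage login -l` output (stdin),
# falling back to the __default__ row when the login has no row of its own.
mapped_user() {
    awk -v login="$1" '
        $1 == login         { found = $2 }
        $1 == "__default__" { dflt = $2 }
        END { print (found != "" ? found : dflt) }'
}

# diagnose LOGIN ACTUAL_CTX EXPECTED_CTX MAPPED_USER
# ACTUAL_CTX is `id -Z` in the session, EXPECTED_CTX is selinuxdefcon output.
diagnose() {
    if [ "$2" = "$3" ]; then
        echo "ok: $1 runs in the computed default context"
    elif [ "$(ctx_user "$2")" != "$4" ]; then
        echo "mismatch: $1 maps to $4 but session user is $(ctx_user "$2")"
    else
        echo "mismatch: user matches, role/type/range differ from $3"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Needs the SELinux tools; run as root inside the ssh session under test.
    login=$(id -un)
    from=$(ps -eZ | sshd_context)
    diagnose "$login" "$(id -Z)" "$(selinuxdefcon "$login" "$from")" \
        "$(semanage login -l | mapped_user "$login")"
else
    # Values quoted in the thread: root maps to unconfined_u, id shows system_u.
    diagnose root 'system_u:system_r:unconfined_t:s0-s0:c0.c1023' \
        'unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023' unconfined_u
fi
```

With the values from the thread, the script reports that root maps to unconfined_u while the session user is system_u.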
