[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: F9: su and sudo don't work as user

From: Chuck Anderson <cra WPI EDU>
To: fedora-selinux-list redhat com
Subject: Re: F9: su and sudo don't work as user
Date: Fri, 13 Jun 2008 10:09:52 -0400

On Fri, Jun 13, 2008 at 08:26:30AM -0400, Stephen Smalley wrote:
> They shouldn't work from user_u, as that user identity/role isn't
> supposed to be able to use them (unprivileged user).

Right, I was trying to fix that, and apparently failed.

> > [root system ~]# semanage login -l
> > 
> > Login Name                SELinux User              MLS/MCS Range            
> > 
> > __default__               unconfined_u              s0                       
> > root                      root                      s0-s0:c0.c1023           
> > system_u                  system_u                  s0-s0:c0.c1023           
> 
> semanage user -l shows what?

I  didn't know there was a "user" in addition to "login":

# semanage user -l

                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

root            unconfined s0         s0-s0:c0.c1023                 system_r staff_r unconfined_r sysadm_r
staff_u         staff      s0         s0-s0:c0.c1023                 system_r staff_r sysadm_r
sysadm_u        sysadm     s0         s0-s0:c0.c1023                 sysadm_r
system_u        user       s0         s0-s0:c0.c1023                 system_r
user_u          user       s0         s0                             user_r

Now it seems obvious--I'm missing the unconfined_u user.

Comparing this to a working F9 system:

                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

guest_u         guest      s0         s0                             guest_r
root            user       s0         s0-s0:c0.c1023                 system_r staff_r unconfined_r sysadm_r
staff_u         user       s0         s0-s0:c0.c1023                 system_r staff_r sysadm_r
sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
system_u        user       s0         s0-s0:c0.c1023                 system_r
unconfined_u    unconfined s0         s0-s0:c0.c1023                 system_r unconfined_r
user_u          user       s0         s0                             user_r
xguest_u        xguest     s0         s0                             xguest_r

How do I fix this?

Thanks.

Follow-Ups:
- Re: F9: su and sudo don't work as user
  - From: Stephen Smalley

References:
- F9: su and sudo don't work as user
  - From: Chuck Anderson
- Re: F9: su and sudo don't work as user
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]