[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

levels in targeted mode

From: Brian Ginn <BGinn symark com>
To: "'fedora-selinux-list redhat com'" <fedora-selinux-list redhat com>
Subject: levels in targeted mode
Date: Thu, 9 Apr 2009 17:38:14 -0700

I am using RHEL5 with SELINUXTYPE=targeted in enforcing mode.

If I ssh as root to that host, id -Z reports
        root:system_r:unconfined_t:SystemLow-SystemHigh
which includes a level.

If I ssh as a user to that same host, id -Z reports
        user_u:system_r:unconfined_t
which does not include a level.

As that user, If I su -, id -z reports
        user_u:system_r:unconfined_t

If I then execute:
        newrole -l SystemLow-SystemHigh
I get an error:
        Error: you are not allowed to change levels on a non secure terminal

I get the same behavior from sudo bash.


Questions:
1: Does root's SystemLow-SystemHigh level actually mean anything in targeted mode?
2: Why does newrole consider the ssh terminal insecure, when ssh as root will give me the "full level"?
3: Is there a way to get from not having a level to SystemLow-SystemHigh?



Thanks
Brian

Follow-Ups:
- Re: levels in targeted mode
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]