[redhat-lspp] netlabelctl gets permission denied - possible role mixup
Loulwa Salem
loulwas at us.ibm.com
Wed Mar 21 15:10:09 UTC 2007
Joy Latten wrote:
>>Can you try the same thing from an account that is associated with
>>staff_u?
>>
>
>
> Actually, the first time she tried it, it was staff_u and not ealuser_u.
> I suggested perhaps the error occured because ealuser was not properly
> mapped to an selinux user. So we ran:
>
> semanage user -a -L SystemLow-SystemHigh -r SystemLow-SystemHigh -R
> "staff_r sysadm_r secadm_r auditadm_r" -P staff ealuser_u
>
> semanage login -m -s ealuser_u -r SystemLow-SystemHigh ealuser
>
> But before, her config was like Kylie's and she got the same error.
> She said she never ran the above semanage commands before and it used
> to work fine.
>
> It works on a machine with:
> selinux-policy-2.4.6-38.el5
> selinux-policy-devel-2.4.6-38.el5
> selinux-policy-targeted-2.4.6-38.el5
> selinux-policy-mls-2.4.6-38.el5
> openssh-clients-4.3p2-17.el5
> openssh-4.3p2-17.el5
> openssh-server-4.3p2-17.el5
> kernel-2.6.18-8.1.1.el5.lspp.68
> kernel-devel-2.6.18-8.1.1.el5.lspp.68
>
Just to clarify, what joy mentioned above is correct. At first I was
staff_u:sysadm_r:sysadm_t and I still saw the same behavior. Joy suggested I set
up ealuser mappings (which is a step I never did before).
- loulwa
More information about the redhat-lspp
mailing list