[redhat-lspp] netlabelctl gets permission denied - possible role mixup

Loulwa Salem loulwas at us.ibm.com
Wed Mar 21 15:10:09 UTC 2007


Joy Latten wrote:

>>Can you try the same thing from an account that is associated with
>>staff_u?
>>
> 
> 
> Actually, the first time she tried it, it was staff_u and not ealuser_u.
> I suggested perhaps the error occured because ealuser was not properly
> mapped to an selinux user. So we ran:
> 
> semanage user -a -L SystemLow-SystemHigh -r SystemLow-SystemHigh -R
> "staff_r sysadm_r secadm_r auditadm_r" -P staff ealuser_u
> 
> semanage login -m -s ealuser_u -r SystemLow-SystemHigh ealuser
> 
> But before, her config was like Kylie's and she got the same error.
> She said she never ran the above semanage commands before and it used 
> to work fine.
> 
> It works on a machine with:
> selinux-policy-2.4.6-38.el5
> selinux-policy-devel-2.4.6-38.el5
> selinux-policy-targeted-2.4.6-38.el5
> selinux-policy-mls-2.4.6-38.el5
> openssh-clients-4.3p2-17.el5
> openssh-4.3p2-17.el5
> openssh-server-4.3p2-17.el5
> kernel-2.6.18-8.1.1.el5.lspp.68
> kernel-devel-2.6.18-8.1.1.el5.lspp.68
> 

Just to clarify, what joy mentioned above is correct. At first I was 
staff_u:sysadm_r:sysadm_t and I still saw the same behavior. Joy suggested I set 
up ealuser mappings (which is a step I never did before).

- loulwa





More information about the redhat-lspp mailing list