1 |
On Wed, 2004-04-28 at 07:58, Ed Wildgoose wrote: |
2 |
> Oh dear. I can't log into my new selinux system. Keeps saying it can't |
3 |
> find a context for root, and would I like to enter a security |
4 |
> context.... Obviously I saw the note about this situation in the FAQ, |
5 |
> and have reloaded the entire policy and relabeled the entire fs a few |
6 |
> times. Any pointers on what is happening here please? (It's not in |
7 |
> enforcing mode, so why is this happening at all?) |
8 |
|
9 |
This happens because regardless of permissive/enforcing, the security |
10 |
functions that tell login what a user's login contexts are, always work |
11 |
the same. If login isn't in the right context, then it won't return any |
12 |
contexts. I wrote sestatus for these situations; run sestatus -v, and |
13 |
the contexts should look like this: |
14 |
|
15 |
Process contexts: |
16 |
Current context: pebenito:sysadm_r:sysadm_t |
17 |
Init context: system_u:system_r:init_t |
18 |
/sbin/mingetty system_u:system_r:getty_t |
19 |
/sbin/agetty system_u:system_r:getty_t |
20 |
/usr/sbin/sshd system_u:system_r:sshd_t |
21 |
|
22 |
File contexts: |
23 |
Controlling term: pebenito:object_r:sysadm_devpts_t |
24 |
/etc/passwd system_u:object_r:etc_t |
25 |
/etc/shadow system_u:object_r:shadow_t |
26 |
/bin/bash system_u:object_r:shell_exec_t |
27 |
/bin/login system_u:object_r:login_exec_t |
28 |
/bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t |
29 |
/sbin/agetty system_u:object_r:getty_exec_t |
30 |
/sbin/init system_u:object_r:init_exec_t |
31 |
/sbin/mingetty system_u:object_r:getty_exec_t |
32 |
/usr/sbin/sshd system_u:object_r:sshd_exec_t |
33 |
/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:shlib_t |
34 |
/lib/ld.so.1 system_u:object_r:lib_t -> system_u:object_r:ld_so_t |
35 |
|
36 |
|
37 |
-- |
38 |
Chris PeBenito |
39 |
<pebenito@g.o> |
40 |
Developer, |
41 |
Hardened Gentoo Linux |
42 |
Embedded Gentoo Linux |
43 |
|
44 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
45 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |