Weird SELinux problem after upgrade to F9

Daniel J Walsh dwalsh at redhat.com
Thu Jun 12 13:53:00 UTC 2008 

Kayvan A. Sylvan wrote:
> On Wed, Jun 04, 2008 at 03:13:08PM -0400, Daniel J Walsh wrote:
>> You might need to check your user database
>>
>> semanage user -l
>> semanage login -l
> 
> I do not know anything about how this is supposed to look. Here is
> what the commands report:
> 
> [root at satyr ~]# semanage user -l
> 
>                 Labeling   MLS/       MLS/                          
> SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles
> 
> root            user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r
> system_u        user       s0         SystemLow-SystemHigh           system_r
> user_u          user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r
> 
> [root at satyr ~]# semanage login -l
> 
> Login Name                SELinux User              MLS/MCS Range            
> 
> __default__               user_u                    s0                       
> root                      root                      -s0:c0.c255              
> system_u                  system_u                  SystemLow-SystemHigh     
> 

Kayvan A. Sylvan wrote:
> On Wed, Jun 04, 2008 at 03:13:08PM -0400, Daniel J Walsh wrote:
>> You might need to check your user database
>>
>> semanage user -l
>> semanage login -l
>
> I do not know anything about how this is supposed to look. Here is
> what the commands report:
>
> [root at satyr ~]# semanage user -l
>
>                 Labeling   MLS/       MLS/
> SELinux User    Prefix     MCS Level  MCS Range
SELinux Roles
>
> root            user       s0         SystemLow-SystemHigh
system_r sysadm_r user_r
> system_u        user       s0         SystemLow-SystemHigh
system_r
> user_u          user       s0         SystemLow-SystemHigh
system_r sysadm_r user_r
>
> [root at satyr ~]# semanage login -l
>
> Login Name                SELinux User              MLS/MCS Range

>
> __default__               user_u                    s0

> root                      root                      -s0:c0.c255

> system_u                  system_u
SystemLow-SystemHigh
>
This is an upgrade problem.

For some reason the selinux policy trigger did not fire so the default
login on your machine is not setup for unconfined users.

If you execute the following three commands it should fix your system

# semanage user -a -S targeted -P user -R "unconfined_r system_r"
-r0-s0:c0.c1023 unconfined_u
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023
__default__
# semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 root

More information about the fedora-selinux-list mailing list