F9: su and sudo don't work as user

Chuck Anderson cra at WPI.EDU
Fri Jun 13 00:34:42 UTC 2008


Ok, I thought this was a known issue but I can't seem to find it 
mentioned anywhere.  I have a F9 system that "su" and "sudo" don't 
work on.  I noticed that my context was user_u rather than 
unconfined_u:


Login on the console as cra:

[cra at system 20:25:34 /home/cra]>id
uid=10002(cra) gid=10002(cra) groups=1000(netops),2011(mirror),10002(cra) context=user_u:user_r:user_t:s0
[cra at system 20:25:36 /home/cra]>su
/bin/su: Permission denied.
[cra at system 20:25:37 /home/cra]>sudo
sudo: setresuid(ROOT_UID, 1, ROOT_UID): Operation not permitted

So I tried to go in as root and fix the context like this:

Login on the console as root:

[root at system ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 22
Policy from config file:        targeted

[root at system ~]# setenforce 0
[root at system ~]# semanage login -l

Login Name                SELinux User              MLS/MCS Range            

__default__               unconfined_u              s0                       
root                      root                      s0-s0:c0.c1023           
system_u                  system_u                  s0-s0:c0.c1023           

[root at system ~]# semanage login -m -s unconfined_u root
libsemanage.validate_handler: selinux user unconfined_u does not exist (No such file or directory).
libsemanage.validate_handler: seuser mapping [root -> (unconfined_u, s0-s0:c0.c1023)] is invalid (No such file or directory).
libsemanage.dbase_llist_iterate: could not iterate over records (No such file or directory).
/usr/sbin/semanage: Could not modify login mapping for root

[root at system ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 22
Policy from config file:        targeted

[root at system ~]# setenforce 1
[root at system ~]# exit

But it didn't work as you can see.  I'm running these versions:

kernel-2.6.25.4-30.fc9.x86_64
selinux-policy-targeted-3.3.1-64.fc9.noarch

Can someone please help?

Thanks.




More information about the fedora-selinux-list mailing list