F9: su and sudo don't work as user
Chuck Anderson
cra at WPI.EDU
Fri Jun 13 00:34:42 UTC 2008
Ok, I thought this was a known issue but I can't seem to find it
mentioned anywhere. I have a F9 system that "su" and "sudo" don't
work on. I noticed that my context was user_u rather than
unconfined_u:
Login on the console as cra:
[cra at system 20:25:34 /home/cra]>id
uid=10002(cra) gid=10002(cra) groups=1000(netops),2011(mirror),10002(cra) context=user_u:user_r:user_t:s0
[cra at system 20:25:36 /home/cra]>su
/bin/su: Permission denied.
[cra at system 20:25:37 /home/cra]>sudo
sudo: setresuid(ROOT_UID, 1, ROOT_UID): Operation not permitted
So I tried to go in as root and fix the context like this:
Login on the console as root:
[root at system ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 22
Policy from config file: targeted
[root at system ~]# setenforce 0
[root at system ~]# semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ unconfined_u s0
root root s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
[root at system ~]# semanage login -m -s unconfined_u root
libsemanage.validate_handler: selinux user unconfined_u does not exist (No such file or directory).
libsemanage.validate_handler: seuser mapping [root -> (unconfined_u, s0-s0:c0.c1023)] is invalid (No such file or directory).
libsemanage.dbase_llist_iterate: could not iterate over records (No such file or directory).
/usr/sbin/semanage: Could not modify login mapping for root
[root at system ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 22
Policy from config file: targeted
[root at system ~]# setenforce 1
[root at system ~]# exit
But it didn't work as you can see. I'm running these versions:
kernel-2.6.25.4-30.fc9.x86_64
selinux-policy-targeted-3.3.1-64.fc9.noarch
Can someone please help?
Thanks.
More information about the fedora-selinux-list
mailing list