levels in targeted mode

Brian Ginn BGinn at symark.com
Fri Apr 10 00:38:14 UTC 2009


I am using RHEL5 with SELINUXTYPE=targeted in enforcing mode.

If I ssh as root to that host, id -Z reports
        root:system_r:unconfined_t:SystemLow-SystemHigh
which includes a level.

If I ssh as a user to that same host, id -Z reports
        user_u:system_r:unconfined_t
which does not include a level.

As that user, if I su -, id -Z reports
        user_u:system_r:unconfined_t

If I then execute:
        newrole -l SystemLow-SystemHigh
I get an error:
        Error: you are not allowed to change levels on a non secure terminal

I get the same behavior from sudo bash.


Questions:
1: Does root's SystemLow-SystemHigh level actually mean anything in targeted mode?
2: Why does newrole consider the ssh terminal insecure, when ssh as root will give me the "full level"?
3: Is there a way to get from not having a level to SystemLow-SystemHigh?



Thanks
Brian





