[DSE-Dev] Bug#848232: semanage login: no awareness of exising entries

cgzones cgzones at googlemail.com
Thu Dec 15 13:13:23 UTC 2016


Package: policycoreutils-python-utils
Version: 2.6-2

When working on SELinux login settings, it seems that semanage is not
aware of already existing entries.
Example usage:

root at desktopdebian:/home/christian# semanage login -a -s unconfined_u christian
libsemanage.add_user: user system_u not in password file
root at desktopdebian:/home/christian# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          user_u               s0-s0                *
christian            unconfined_u         s0                   *
root                 root                 s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
root at desktopdebian:/home/christian# semanage login -m -s user_u
christian
ValueError: Login mapping for christian is not defined
                                           # error
root at desktopdebian:/home/christian# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          user_u               s0-s0                *
christian            unconfined_u         s0                   *
                                                         # not updated
root                 root                 s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
root at desktopdebian:/home/christian# semanage login -a -s user_u christian
libsemanage.add_user: user system_u not in password file
                                   # no error! although user existed
root at desktopdebian:/home/christian# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          user_u               s0-s0                *
christian            user_u               s0                   *
                                                              #
updated!
root                 root                 s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *
root at desktopdebian:/home/christian# semanage login -d -s user_u christian
ValueError: Login mapping for christian is not defined
                                           # error
root at desktopdebian:/home/christian# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          user_u               s0-s0                *
christian            user_u               s0                   *
                                                             # not
deleted
root                 root                 s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *


Kindly regards,
    Christian Göttsche



More information about the SELinux-devel mailing list