I am using RHEL5 with SELINUXTYPE=targeted in enforcing mode.
If I ssh as root to that host, id -Z reports root:system_r:unconfined_t:SystemLow-SystemHigh which includes a level.
If I ssh as a user to that same host, id -Z reports user_u:system_r:unconfined_t which does not include a level.
As that user, If I su -, id -z reports user_u:system_r:unconfined_t
If I then execute: newrole -l SystemLow-SystemHigh I get an error: Error: you are not allowed to change levels on a non secure terminal
I get the same behavior from sudo bash.
Questions: 1: Does root's SystemLow-SystemHigh level actually mean anything in targeted mode? 2: Why does newrole consider the ssh terminal insecure, when ssh as root will give me the "full level"? 3: Is there a way to get from not having a level to SystemLow-SystemHigh?
Thanks Brian