Huh, setenforce 0 seems to have no effect. I see this when I run it:
Sep 2 11:15:45 dumont kernel: audit(1125684945.038:24): avc: granted { setenforce } for pid=6453 comm="setenforce" scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
.... but everthing remains broken the same way.
Stephen Smalley wrote:
On Fri, 2005-09-02 at 10:37 -0700, Ben wrote:
So last night I installed FC3, added Fedora Extras, and did a yum update. Now I can't use any new users. Behold:
[root@dumont ~]# adduser nagios [root@dumont ~]# su - nagios Your default context is user_u:system_r:unconfined_t.
Do you want to choose a different one? [n] could not open session
/var/log/messages has this to say about it:
Sep 2 17:34:21 dumont su[6229]: Warning! Could not relabel /dev/pts/4 with user_u:object_r:devpts_t, not relabeling.Operation not permitted
Something doesn't seem quite right, but I'm not sure what I'm missing. Here's are the selinux packages I've got installed:
Hmmm...no avc messages in /var/log/messages prior to the warning?
Is it repeatable after /usr/sbin/setenforce 0?