Gentoo Forums
cannot delete selinux login, missing selinux user
aleiphoenix
n00b

Joined: 03 Sep 2012
Posts: 26

Posted: Fri Dec 13, 2013 8:41 am    Post subject: cannot delete selinux login, missing selinux user

Hi, I'm new to selinux and have a problem.

I tried to add a selinux login and user by

Code:

$ semanage user -a -R "staff_r sysadm_r" aleiphoenix
$ semanage login -a -s aleiphoenix aleiphoenix


When I realized that I don't need a new selinux user (staff_u will do just fine), I deleted the selinux user first:

Code:

$ semanage user -D aleiphoenix


Then I changed the login-user mapping:

Code:

semanage login -m -s staff_u aleiphoenix


I got:

Code:

libsemanage.dbase_llist_query: could not query record value
/usr/lib/python-exec/python2.7/semanage: Could not query user for aleiphoenix


I guess the missing selinux user causes this problem, so I tried to add the selinux user back:

Code:

semanage user -a -R "staff_r sysadm_r" aleiphoenix


But I got:

Code:

libsemanage.validate_handler: selinux user aleiphoenix does not exist (No such file or directory).
libsemanage.validate_handler: seuser mapping [aleiphoenix -> aleiphoenix] is invalid (No such file or directory).
libsemanage.dbase_llist_iterate: could not iterate over records (No such file or directory).
/usr/lib/python-exec/python2.7/semanage: Could not commit semanage transaction


The output of selinux user -l and selinux login -l:

Code:

$ semanage login -l

Login Name                SELinux User             

__default__               user_u                   
aleiphoenix               aleiphoenix             
root                      root                     
system_u                  system_u

$ semanage user -l

SELinux User    SELinux Roles

root            staff_r sysadm_r
staff_u         staff_r sysadm_r
sysadm_u        sysadm_r
system_u        system_r
unconfined_u    unconfined_r
user_u          user_r



Now it seems the new selinux login `aleiphoenix` is totally dead. How can I delete it?

Thanks.
GODLiKE
n00b

Joined: 11 Jan 2007
Posts: 62

Posted: Wed Dec 25, 2013 4:11 pm

I have exactly the same problem. Were you able to solve it?
_________________
GERÓNIMOOOOOOOOOOOOOOOOOOOO!!!
Sven Vermeulen
Developer

Joined: 29 Aug 2002
Posts: 1345
Location: Mechelen, Belgium

Posted: Thu Dec 26, 2013 4:45 pm

The good news is that newer SELinux utilities seem to have a fail-safe for this situation:

Code:

~$ semanage user -D test_u
libsemanage.lookup_seuser: test_u is being used by test login record (Invalid argument).
OSError: Invalid argument


Bad news is that this doesn't help you out right now.

Try editing the /etc/selinux/strict/seusers file. If you remove the entry for the login you want to modify (syntax is "login":"SELinux user") then it should go towards the default entry. A policy rebuild might be needed to have it loaded though (semodule -B does that for you).
_________________
Please add "[solved]" to the initial topic title when it is solved. TIA.
Linux Sea (PDF), an online e-book on Gentoo Linux
GODLiKE
n00b

Joined: 11 Jan 2007
Posts: 62

Posted: Thu Dec 26, 2013 8:39 pm

After borking my SELinux installation many times, I think I fixed it. Try editing your seusers file under /etc/selinux (and /etc/selinux/SELINUXTYPE) and removing the offending mapping.
_________________
GERÓNIMOOOOOOOOOOOOOOOOOOOO!!!
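
Added example, not written by anyone in this thread: a read-only check for the state discussed above, a seusers entry that still points at a deleted SELinux user, plus a helper that prints the file without one login's entry so the change can be reviewed before it is applied. The function names, file names and sample data are constructed; it assumes the `login:SELinux user` syntax quoted above and a saved copy of the `semanage user -l` output.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# find_orphan_mappings SEUSERS USERS_LISTING
# Print "login -> seuser" for each seusers entry whose SELinux user does not
# appear in USERS_LISTING (saved output of `semanage user -l`).
find_orphan_mappings() {
    awk '
        FILENAME == ARGV[1] {            # listing: column 1 is the SELinux user
            if ($1 != "" && $1 != "SELinux" && $1 != "Labeling") known[$1] = 1
            next                         # (header rows and blank lines skipped)
        }
        /^[ \t]*(#|$)/ { next }          # seusers: skip comments and blank lines
        {
            gsub(/[ \t]/, "")            # tolerate stray whitespace
            n = split($0, f, ":")        # login:seuser[:range]
            if (n >= 2 && !(f[2] in known)) print f[1] " -> " f[2]
        }
    ' "$2" "$1"
}

# drop_mapping SEUSERS LOGIN
# Print SEUSERS without the entry for LOGIN; the input file is never modified.
drop_mapping() {
    awk -F: -v login="$2" '$1 != login' "$1"
}

# make_sample DIR: write constructed inputs that mirror the listings in the thread.
make_sample() {
    printf '%s\n' '# constructed sample' '__default__:user_u' \
        'aleiphoenix:aleiphoenix' 'root:root' 'system_u:system_u' > "$1/seusers"
    printf '%s\n' '' 'SELinux User    SELinux Roles' '' \
        'root            staff_r sysadm_r' 'staff_u         staff_r sysadm_r' \
        'sysadm_u        sysadm_r' 'system_u        system_r' \
        'unconfined_u    unconfined_r' 'user_u          user_r' > "$1/users.txt"
}

# Demo run on the constructed sample.
tmp=$(mktemp -d)
make_sample "$tmp"
echo "Orphaned mappings:"
find_orphan_mappings "$tmp/seusers" "$tmp/users.txt"
echo "seusers without the orphaned login:"
drop_mapping "$tmp/seusers" aleiphoenix
rm -rf "$tmp"
```

On a live system the inputs would be the seusers file named in the replies above and `semanage user -l` redirected to a file; after the entry is removed, the `semodule -B` rebuild mentioned above loads the change.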