Configuration of MCS/MLS of SELinux
Posted: 2011/04/01 10:07:10
Hi all.
I have a problem with my SELinux configuration.
What should I do to change the MCS/MLS range of users and "login" from s0-s0:c0 to s0-s0:c0.c1023 ("SystemLow-SystemHigh")
with "semanage"?
My SELinux uses the "targeted" policy.
The current state is below.
[root@localhost ~]# semanage user -l
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles
root            user       s0         s0:c0,c3                       system_r sysadm_r user_r
system_u        user       s0         SystemLow-SystemHigh           system_r
user_u          user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r
[root@localhost ~]# semanage login -l
Login Name                SELinux User              MLS/MCS Range
__default__               user_u                    s0
root                      root                      s0:c0
[root@localhost ~]# semanage user -m -r s0-s0:c0.c1023 root
libsemanage.validate_handler: MLS range s0:c0 for Unix user root exceeds allowed range s0:c0,c3 for SELinux user root
libsemanage.validate_handler: seuser mapping [root -> (root, s0:c0)] is invalid
libsemanage.dbase_llist_iterate: could not iterate over records
/usr/sbin/semanage: Could not modify SELinux user root
[root@localhost ~]# semanage login -m -r s0-s0:c0.c1023 root
libsemanage.validate_handler: MLS range s0-s0:c0.c1023 for Unix user root exceeds allowed range s0:c0,c3 for SELinux user root
libsemanage.validate_handler: seuser mapping [root -> (root, s0-s0:c0.c1023)] is invalid
libsemanage.dbase_llist_iterate: could not iterate over records
/usr/sbin/semanage: Could not modify login mapping for root
[root@localhost ~]#