Red Hat Bugzilla – Bug 443852
After upgrade from F7->F9, users have user_u instead of unconfined_u (su "missing")
Last modified: 2008-04-29 18:30:12 EDT
I used preupgrade to upgrade two systems from F7 (with updates) to rawhide.
On both systems, my normal user (wwoods) unexpectedly ended up with the user_u
SELinux context, rather than unconfined_u.
I only noticed it because su appeared to be missing.
F7 users (as in RHEL5) have a default context of user_u:system_r:unconfined_t.
F8 has unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023.
So I guess the problem is that we've redefined the meaning of user_u.
A workaround for affected systems:
semanage login -m -s unconfined_u -r SystemLow-SystemHigh __default__
should give users the default SELinux context used for new F9 installs.
Yes we need to convert user_u to unconfined_u. This is a blocker bug.
Needs to be fixed.
Will could you verify that
selinux-policy-3.3.1-39.fc9 fixes the problem.
Does it need to be installed as part of the upgrade from F7? (That is, do I need
to wait for it to land in rawhide to test the fix?)
You can test it by executing
rm -rf /etc/selinux
rpm -Uhv --oldpackage selinux-policy*f7 /* Whatever F7 policy was*/
Then update to F9 policy and check to see if you login in as unconfined_u
semanage login -l | grep __default__
I think the fix is confirmed.
I upgraded from F7 to F9 (where my user had user_u). Next I installed the old f7
policy packages and rebooted into rescue mode (to simulate the installer).
I then upgraded the system to selinux-policy-3.3.1-40.fc9. It took a *long* time
for %post to run, but now everything works fine.
Yep, confirmed the fix with an upgrade to today's rawhide.