Red Hat Bugzilla – Bug 479904
Incorrect MLS range for unconfined users
Last modified: 2015-01-04 17:35:51 EST
Description of problem:
On a default installation of Fedora 10, unconfined users use "s0" instead of "s0-s0:c0.c1023":
$ sudo semanage login -l
Login Name SELinux User MLS/MCS Range
__default__ unconfined_u s0
root unconfined_u s0-s0:c0.c1023
system_u system_u s0-s0:c0.c1023
$ id -Z
Version-Release number of selected component (if applicable):
I checked on two other installations on two different machines - unconfined was "s0".
Created attachment 328999 [details]
Fix for unconfined_u in all categories.
Miroslav you can add this patch although this will not effect upgraded systems.
I will do it.
Fixed in selinux-policy-3.5.13-40.fc10.noarch
What is the best way to verify this is fixed?
Well a fresh install with this policy would show it.
You could force it by removing /etc/selinux/targeted
rm -rf /etc/selinux/targeted
rpm -Uhv --force selinux-policy*3.5.13-40.fc10.noarch
restorecon -R -v /etc/selinux
semanage login -l
I forced it and it looks ok to me. Thanks.