User shells do not run as unconfined_u:unconfined_r:unconfined_t SELinux context, leading to various issues
Issue
- Checking the SELinux context with id -Z, I can see that the shell is not running as unconfined_u:unconfined_r:unconfined_t but system_u:system_r:xxx instead

    # id -Z
    system_u:system_r:initrc_t:s0-s0:c0.c1023

  or

    # id -Z
    system_u:system_r:inetd_child_t:s0-s0:c0.c1023

  or any other context starting with system_u:system_r.

- yum update kernel fails in RPM scriptlets (seen when shell runs as SELinux context inetd_child_t)

    # yum -y update kernel
    [...]
    [...]: warning: %post(kernel-3.10.0-1127.10.1.el7.x86_64) scriptlet failed, exit status 127
    [...]: warning: %triggerin(microcode_ctl-2:2.1-61.6.el7_8.x86_64) scriptlet failed, exit status 127
    [...]: warning: %posttrans(kernel-3.10.0-1127.10.1.el7.x86_64) scriptlet failed, exit status 127

- SSH logins take 10 seconds and 'abrt-cli status' timed out error message is printed (seen when shell runs as SELinux context initrc_t)

    $ ssh <user>@<system>
    [... 10 seconds delay ...]
    'abrt-cli status' timed out
    <user>@<system> $
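A small check built on the id -Z output shown above, added here as an example and not part of the original article: it splits a context into user, role and type and flags shells running under system_u:system_r. The function names classify_context and check_current_shell are hypothetical, and the symptom text per type only repeats what this page reports.

```shell
#!/bin/sh
# Added example (not from the original article).
# Classify a SELinux context of the form user:role:type[:level].
# The level may itself contain colons (s0-s0:c0.c1023), so only the
# first three fields are split off.
# Return codes: 0 = not flagged, 1 = system_u:system_r shell, 2 = unparsable.
classify_context() {
    ctx=$1
    case "$ctx" in
        *:*:*) ;;
        *) echo "invalid"; return 2 ;;
    esac
    se_user=${ctx%%:*};  rest=${ctx#*:}
    se_role=${rest%%:*}; rest=${rest#*:}
    se_type=${rest%%:*}

    if [ "$se_user" = "unconfined_u" ] && [ "$se_role" = "unconfined_r" ] \
        && [ "$se_type" = "unconfined_t" ]; then
        echo "ok"
        return 0
    fi
    if [ "$se_user" = "system_u" ] && [ "$se_role" = "system_r" ]; then
        # Symptoms are the ones this page associates with each type.
        case "$se_type" in
            inetd_child_t) echo "system-domain: expect RPM scriptlet failures (exit status 127)" ;;
            initrc_t)      echo "system-domain: expect slow SSH login, 'abrt-cli status' timed out" ;;
            *)             echo "system-domain: shell runs as $se_type" ;;
        esac
        return 1
    fi
    # Any other user/role (for example a confined login user) is not flagged.
    echo "other: $se_user:$se_role:$se_type"
    return 0
}

# Check the shell this script is started from. id -Z fails on hosts
# where SELinux is disabled, which is reported instead of classified.
check_current_shell() {
    ctx=$(id -Z 2>/dev/null) || { echo "SELinux not enabled or id -Z unavailable"; return 3; }
    echo "context: $ctx"
    classify_context "$ctx"
}

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    check_current_shell
fi
```

Run it with --check from the login session being investigated; an exit status of 1 means the shell is in a system_u:system_r domain.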
Environment
- Red Hat Enterprise Linux 6 and later
- powerbroker (pblocald, pmlocald)
- vshelld