
Following the instructions at: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/selinux_users_and_administrators_guide/index#sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users-sudo_Transition_and_SELinux_Roles

I installed RHEL7.9 on a new VM. I ran:

useradd bob
passwd bob
semanage login -a -s 
semanage user -a -r s0-s0:c0.c1023 -R "user_r sysadm_r" se_user
cp /etc/selinux/targeted/contexts/users/staff_u /etc/selinux/targeted/contexts/users/se_user
semanage login -a -s se_user -rs0:c0.c1023 bob
echo "bob ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r /bin/bash " > /etc/sudoers.d/bob
restorecon -FR -v /home/bob
su - bob
sudo -i

And now all I see is: unconfined_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 is not a valid context. Also, when I run id -Z as bob, it says unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 but their example said I should see the default role that I provided. What did I do wrong?
