# selinux login - Unable to get valid context for [user]

## dkJ2

hey folks,

I'm trying to setup selinux on my box, but whenever I login to a user who is mapped to the selinux user user_u, login gives the error "Unable to get valid context for [user]"

When I change the mapping to e.g. staff_u, the error disappear and the selinux context is good (with id -Z)

semanage login -l

```
__default__  user_u

root root
```

id -Z

```
system_u:system_r:kernel_t
```

cat /var/log/messages

```
pam_selinux(login): Unable to get valid context for john
```

-------------------------------------------------------------

vv works vv

-------------------------------------------------------------

semanage login -a -s staff_u john

id -Z

```
staff_u:sysadm_r:sysadm_t
```

Anyone has any idea why this is hapening? My hypothesis is that pam_selinux cannot change the context for users defined in the default policy, why?

----------

