From: Daniel J Walsh <dwalsh@redhat.com>
To: Jeremiah Jahn <jeremiah@goodinassociates.com>
Cc: selinux <selinux@tycho.nsa.gov>
Subject: Re: new user types
Date: Fri, 08 Feb 2008 08:34:33 -0500
Message-ID: <47AC5A69.2070202@redhat.com>
In-Reply-To: <1202426088.2801.500.camel@bluejay.goodinassociates.com>

Jeremiah Jahn wrote:
> I can't seem to login as the right user, and I'm not sure what I missed.
>
> I added the following roles and users to my monetra.te file:
>
>
> #admin roles
> role monetra_admin_r types monetra_t;
> role monetra_admin_r types monetra_lib_t;
>
> #client roles
> role monetra_client_r types monetra_t;
> role monetra_client_r types monetra_lib_t;
> role monetra_client_r types monetra_client_t;
>
> #monetra users
> user monetra_u roles { monetra_client_r monetra_admin_r } level s0 range s0 - s0;
>
>
>
>
> I ran the add login command:
> semanage login -a -s monetra_u bob
>
>
>
> I get the following output:
> [root@xxx ~]# semanage login -l
>
> Login Name                SELinux User              MLS/MCS Range
>
> __default__               user_u                    s0
> root                      root                      s0-s0:c0.c255
> system_u                  system_u                  s0-s0:c0.c255
> bob                       monetra_u                 s0
>
> [root@xxx ~]# semanage user -l
>
>                 Labeling    MLS/       MLS/
> SELinux User    Prefix      MCS Level  MCS Range       SELinux Roles
>
> monetra_u       user        s0         s0              monetra_admin_r monetra_client_r
> root            sysadm      s0         s0-s0:c0.c255   sysadm_r staff_r
> staff_u         staff       s0         s0-s0:c0.c255   sysadm_r staff_r
> sysadm_u        sysadm      s0         s0-s0:c0.c255   sysadm_r
> system_u        user        s0         s0-s0:c0.c255   system_r
> unconfined_u    unconfined  s0         s0-s0:c0.c255   unconfined_r
> user_u          user        s0         s0              user_r
>
> Yet when I log in I get:
> [bob@xxx ~]$ id -Z
> system_u:system_r:unconfined_t:s0-s0:c0.c255
>
>
> Thanks for any help you can give.
>
>
You need to create a contexts file for monetra_u:

    /etc/selinux/targeted/contexts/users/monetra_u

Then set it up for the appropriate commands. xguest_u looks like:

    system_r:local_login_t     xguest_r:xguest_t:s0
    system_r:remote_login_t    xguest_r:xguest_t:s0
    system_r:sshd_t            xguest_r:xguest_t:s0
    system_r:crond_t           xguest_r:xguest_crond_t:s0
    system_r:xdm_t             xguest_r:xguest_t:s0
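
A sanity check for the per-user contexts file described in the reply above, as an added example that is not part of the original message or of the SELinux tools: it parses the file format shown for xguest_u and flags target contexts whose role is not assigned to the SELinux user or whose type is not authorized for that role. The role and type sets are copied from the quoted monetra.te; the sample file content, and the use of monetra_client_t as a login domain, are constructed assumptions.

```python
# Added example: check a contexts/users/<seuser> file against the policy's
# user-role and role-type associations (not part of libselinux or semanage).
# Role and type sets are copied from the monetra.te statements quoted above.
ROLE_TYPES = {
    "monetra_admin_r": {"monetra_t", "monetra_lib_t"},
    "monetra_client_r": {"monetra_t", "monetra_lib_t", "monetra_client_t"},
}
USER_ROLES = {"monetra_u": {"monetra_client_r", "monetra_admin_r"}}

# Constructed content for contexts/users/monetra_u (assumption: monetra_client_t
# is the login domain). The last two lines are deliberately wrong.
SAMPLE = """\
system_r:local_login_t   monetra_client_r:monetra_client_t:s0
system_r:sshd_t          monetra_client_r:monetra_client_t:s0 monetra_admin_r:monetra_t:s0
system_r:crond_t         monetra_admin_r:monetra_client_t:s0
system_r:xdm_t           user_r:user_t:s0
"""

def parse_user_contexts(text):
    """Return {login_domain: [(role, type, level), ...]} in file order."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        source, targets = fields[0], []
        for ctx in fields[1:]:
            parts = ctx.split(":", 2)  # the level may itself contain ':'
            if len(parts) < 2:
                raise ValueError(f"malformed context {ctx!r} for {source}")
            level = parts[2] if len(parts) == 3 else None
            targets.append((parts[0], parts[1], level))
        entries[source] = targets
    return entries

def check(seuser, text):
    """List entries whose target context cannot be valid for seuser."""
    problems = []
    for source, targets in parse_user_contexts(text).items():
        if not targets:
            problems.append(f"{source}: no target context")
        for role, typ, _level in targets:
            if role not in USER_ROLES.get(seuser, set()):
                problems.append(f"{source}: role {role} not authorized for {seuser}")
            elif typ not in ROLE_TYPES.get(role, set()):
                problems.append(f"{source}: type {typ} not authorized for role {role}")
    return problems
```

Calling `check("monetra_u", SAMPLE)` reports the crond_t and xdm_t lines; the first two lines pass because their roles and types match the quoted role statements.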