* system_u process does not have system_r
@ 2014-05-19 16:49 dE
From: dE @ 2014-05-19 16:49 UTC (permalink / raw)
  To: selinux

I've mapped user 'de' to system_u --

semanage login -l

Login Name           SELinux User         MLS/MCS Range Service

__default__          unconfined_u         s0-s0:c0.c1023       *
de                   system_u             s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
system_u             system_u             s0-s0:c0.c1023       *

However, the processes do not have the system_r role; as a result, the type
value of many contexts fails to set because unconfined_r is not allowed to
have that type.

ps auxZ | grep nano
system_u:unconfined_r:unconfined_t:s0 de   544  0.0  0.3 115024 1568 pts/1    S+   22:11   0:00 nano
system_u:unconfined_r:unconfined_t:s0 root 611  0.0  0.1 112632 888 pts/0    S+   22:14   0:00 grep --color=auto nano

Actually, the unconfined_r role is not allowed for the user --

seinfo -uuser_u -x
    user_u
       default level: s0
       range: s0
       roles:
          object_r
          user_r
