On Wed, 2005-08-10 at 07:50 -0700, Todd Merritt wrote:
> I'm having trouble adding a new role to selinux on FC4. I added the
> following lines to domains/user.te:
>
> limited_user_role(ua_pw_user)
>
> role_tty_type_change(user, ua_pw_user)
> role_tty_type_change(sysadm, ua_pw_user)
>
>
> and to macros/user_macros.te added
>
> role ua_pw_user_r types $1;
>
> to in_user_role.
>
> and to appconfig/default_type:
> ua_pw_user_r:ua_pw_user_t
>
> and to users:
> user tmerritt roles { user_r ua_pw_user_r };
>
> Now when I try to switch to that role I get:
>
> [tmerritt@host ~]$ id -Z
> tmerritt:user_r:user_t
> [tmerritt@host ~]$ newrole -r ua_pw_user_r
> Authenticating tmerritt.
> Password:
> tmerritt:ua_pw_user_r:ua_pw_user_t is not a valid context
>
>
> Am I missing something obvious ?

Doesn't look like limited_user_role() adds a:
	role $1_r types $1_t;
statement to authorize the role for the type.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
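
The check behind the "is not a valid context" error in the thread above, as an added example that is not part of the original messages or of the SELinux tools. It assumes the policy has already been m4-expanded into plain "role R types T;" and "user U roles R;" statements, handles only plain names and brace lists, and uses a constructed sample policy (example_t is a made-up type).

```python
import re

# Constructed sample: expanded statements resembling the thread's setup.
SAMPLE_POLICY = """
role user_r types user_t;
role ua_pw_user_r types { example_t };   # authorizes other types, not ua_pw_user_t
user tmerritt roles { user_r ua_pw_user_r };
"""
# The statement the reply says limited_user_role() does not emit.
MISSING_STATEMENT = "role ua_pw_user_r types ua_pw_user_t;\n"

STMT = re.compile(r"\b(role|user)\s+(\w+)\s+(types|roles)\s+(\{[^}]*\}|\w+)\s*;")

def parse_policy(text):
    """Return (role -> authorized types, user -> authorized roles)."""
    role_types, user_roles = {}, {}
    text = re.sub(r"#.*", "", text)  # drop policy comments
    for kind, name, keyword, body in STMT.findall(text):
        members = set(body.strip("{}").split())
        if kind == "role" and keyword == "types":
            role_types.setdefault(name, set()).update(members)
        elif kind == "user" and keyword == "roles":
            user_roles.setdefault(name, set()).update(members)
    return role_types, user_roles

def context_problems(context, policy_text):
    """List the reasons a user:role:type context is invalid (empty if valid)."""
    role_types, user_roles = parse_policy(policy_text)
    user, role, type_ = context.split(":")
    problems = []
    if role not in user_roles.get(user, set()):
        problems.append(f"user {user} is not authorized for role {role}")
    if type_ not in role_types.get(role, set()):
        problems.append(f"role {role} is not authorized for type {type_}")
    return problems

if __name__ == "__main__":
    ctx = "tmerritt:ua_pw_user_r:ua_pw_user_t"
    print("before:", context_problems(ctx, SAMPLE_POLICY))
    print("after: ", context_problems(ctx, SAMPLE_POLICY + MISSING_STATEMENT))
```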