On Mon, 26 Sep 2005 12:31:51 +0200, Armando Aznar said: > I have enabled the targeted policy, so all the users run with the user > "user_u" (then all the users have all the permissions in SELinux). > How could i create a user who run with the user "system_u" so this user dont > have all the permissions? This is probably doomed to failure, because the targeted policy cuts a *lot* of corners because it's not making any realistic attempt to protect legitimate system users/types from each other. You really need to start with the 'strict' policy - that has support for separating users. (Basically, in the 'targeted' policy, so many things will treat 'user_u:object_r:unconfined_t' and 'system_u:object_r:unconfined_t' as being equivalent that you're not going to get anywhere useful....)
Attachment:
pgp4jzHbZJJoK.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
