Gene Czarcinski wrote:
OK, I am starting to work with MCS.
First I added some categories to setrans.conf:
s0:c1=moonbeam
s0:c2=test2
s0:c3=test3
Then I added a user to seusers:
gc:user_r:s0:c0.c15
Then I logged into that user.
All new (written to?) files get created with s0:c0.c15 like:
-rw-r--r-- gc gc user_u:object_r:user_home_t:s0:c0.c15
bookmarks1.html
You want to specify
gc:user_u:s0-s0:c0.c15
This sets up user gc to be an SELinux user user_u with a range of
Categories from s0-s0:c0.c15. By default he will login with level s0
and all files will be created as s0. If you want to create a file under
a different category you can use chcon or chcat to create it.
including some in /tmp:
drwx------ gc gc user_u:object_r:tmp_t:s0:c0.c15 orbit-gc
drwx------ gc gc user_u:object_r:tmp_t:s0:c0.c15 gconfd-gc
Shouldn't they default to nothing and only get set if I do a chcat?
BTW, I seem to remember that there were some gripe messages during bootup
about the files in /tmp ... nothing in /var/log/* or dmesg.
Bug, feature, or what am I doing wrong?
Gene
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
