Stefan wrote:
Hi,
I'd like to create an user with a type of e.g. backup. So when the
user logs in and types "id -Z"
backup:user_r:backup_t:SystemLow-SystemHigh
should be the right context.
In the past I did this like that:
full_user_role(backup)
allow system_r backup_r
allow sysadm_r backup_r
undefine(`in_user_role')
define(`in_user_role', `
role user_r types $1;
role second_r types $1;
')
But now I'm using FC5 and things have changed. I searched a while and
found the macro "unpriv_user_template". So I created a policy module:
policy_module(backup,1.0.0)
unpriv_user_template(backup)
and tried to compile it. But I get an error message:
Compiling mls backup module
/usr/bin/checkmodule: loading policy configuration from tmp/backup.tmp
backup.te:4:ERROR 'attribute userdomain is not declared' at token ';'
on line 57013:
#line 4
type backup_t, userdomain;
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/backup.mod] Error 1
This is a bug in the policy package. the template definition should have a
gen_require(`
attribute userdomain;
')
Isn't this the right way? Did I something wrong? Or how do you create
a new user domain?
Best regards,
Stefan
PS: I'm using FC5 with the latest updates and the mls policy.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
