Hi,

>>
>> I am trying to create a new user. I added it to the file local.users in
>> the src directory and also to /etc/selinux/strict/users/local.users. I
>> tried first to modify only the one in src but it did not work, so I also
>> modified the other one.
>
> local.users is deprecated in FC5, and only looked at if SETLOCALDEFS=1
> in /etc/selinux/config. In FC5 and later, user manipulation is done via
> semanage, and makes use of a separate mapping from Linux users to
> SELinux user identities (the seusers mapping), so that one can
> add/remove/modify Linux users without modifying kernel policy at all.
> semanage login manipulates this mapping. semanage user can also be used
> to manipulate SELinux user identities, but you generally shouldn't need
> to do that - typically you would just have one SELinux user identity per
> logical role, and then map Linux users to those SELinux user identities.

That was my next question. I wanted to know if local.users did not work at all for FC5. Now I have your answer.

>
> Um, you do know that FC5 policy is also based on refpolicy, right? And
> that you should be doing a modular policy build even if you are building
> from the upstream refpolicy, so that you can continue to use semodule
> and semanage?

Yes, you were talking about it two weeks ago. But I did not know that there are things that do not work in the old way anymore. I was wondering if there is a place (a guide or a book) where I can find updated information. I am learning and it is kind of frustrating to try to set up policies and then realize that the main problem is that one is working based on old instructions, and those are not always valid (although some of them are valid sometimes). When I look for info on the internet, most of the time I find instructions related to the old ways to work with selinux.

Thanks a lot,
Sandra

>
> --
> Stephen Smalley
> National Security Agency