On Fri, Jun 13, 2008 at 08:26:30AM -0400, Stephen Smalley wrote:
> They shouldn't work from user_u, as that user identity/role isn't
> supposed to be able to use them (unprivileged user).
Right, I was trying to fix that, and apparently failed.
> > [root@system ~]# semanage login -l
> >
> > Login Name SELinux User MLS/MCS Range
> >
> > __default__ unconfined_u s0
> > root root s0-s0:c0.c1023
> > system_u system_u s0-s0:c0.c1023
>
> semanage user -l shows what?
I didn't know there was a "user" in addition to "login":
# semanage user -l
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
root unconfined s0 s0-s0:c0.c1023 system_r staff_r unconfined_r sysadm_r
staff_u staff s0 s0-s0:c0.c1023 system_r staff_r sysadm_r
sysadm_u sysadm s0 s0-s0:c0.c1023 sysadm_r
system_u user s0 s0-s0:c0.c1023 system_r
user_u user s0 s0 user_r
Now it seems obvious--I'm missing the unconfined_u user.
Comparing this to a working F9 system:
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
guest_u guest s0 s0 guest_r
root user s0 s0-s0:c0.c1023 system_r staff_r unconfined_r sysadm_r
staff_u user s0 s0-s0:c0.c1023 system_r staff_r sysadm_r
sysadm_u user s0 s0-s0:c0.c1023 sysadm_r
system_u user s0 s0-s0:c0.c1023 system_r
unconfined_u unconfined s0 s0-s0:c0.c1023 system_r unconfined_r
user_u user s0 s0 user_r
xguest_u xguest s0 s0 xguest_r
How do I fix this?
Thanks.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
