Jonathan Stott wrote:
> Hi
>
> I'm on FC9, and I would like to create a user based on guest_u who is almost as unprivileged as that role, but is allowed to ssh out.
>
> So I opened up the polgengui tool kit and selected 'minimal terminal user role'
>
> I then also allowed it access to the guest role as an additional role. (I'm not sure if this step is required)
>
> I then allowed the role to connect to port 22
>
> And then made the policy files.
>
> On running the script, I got the message '/usr/sbin/semanage: You must specify a prefix', which led me to look a little closer at the generated file. One thing I noticed was that amongst the roles to be assigned to the new role was 'system_r', which I believe is the system administration role, so removing that and adding a prefix of user, I could then run the script and install the role.
>
> Adding it as the role for the user I want to allow ssh access out to, I then tried to login, which got me the message
>
> Unable to get valid context for username
>
> Setting the user to guest_u or user_u works fine, though. What did I do wrong?
>
> Regards,
> Jonathan.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Grab the policycoreutils in Fedora Updates. This item should be fixed there.