Re: How can I create shadow_t file ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you.

I updated my tool's policy including 2 interfaces you guys introduced.

Still I can't add user from my tool and strangely, no AVC messages now
even I setSELinux permissive.
Of course when I set permissive, I can add user.
But, I don't have any denied logs now...

No way out ?



2009/5/13 Daniel J Walsh <dwalsh@xxxxxxxxxx>:
> On 05/13/2009 07:41 AM, Shintaro Fujiwara wrote:
>>
>> Well, I've been writing a policy to add user from certain domain.
>>
>> I wrote a policy including these interfaces,
>>
>> auth_domtrans_chk_passwd(segatex_t)
>> auth_manage_shadow(segatex_t)
>> auth_rw_shadow(segatex_t)
>> files_manage_etc_files(segatex_t)
>>
>> and still I can't add user from certain domain and when I look into
>> log, I have two denied messages,
>>
>> etc_t file create
>> shadow_t file create
>>
>> So I wrote exactly same thing to allow create these but sill I can't
>> add user nor delete user.
>>
>> I feel numb.
>>
>>
> You are fighting constraints.
>
> If your tool is relabeling you probably need,
> domain_subj_id_change_exemption(segatex_t)
> To allow you to change the user component.
>
> audit2allow -w (audit2why) will tell you if you are failing a constraint.
>



-- 
http://intrajp.no-ip.com/ Home Page

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux