Re: SELinux questions New SELinux user, New role, new domain


 



On 06/04/2009 02:32 PM, Mohamed Aburowais wrote:

Hello,
I'm actually new to SELinux. I've done all the tutorials in the Fedora10 SELinux guide and also have an old book about SELinux which doesn't work well with the one in Fedora10.

I need help in creating a new policy and hope SELinux experts can help in getting started with SELinux. My current problems are:
1- I've created a new SELinux user, example_u, using the command: semanage user -a -P user -R "user_r staff_r" example_u. It has been created, but when I mapped my user to it, then logged in from the current user to the example user and used the command id -Z, it shows the example user as having the unconfine_u SELinux user. This is not the case when logging in from a remote ssh connection. The other concern is that in /etc/selinux/targeted/context/users the new SELinux user example_u does not appear alongside the other users with a file of its own, but it does appear when using semanage user -l.

You have to create the example_u to tell login programs to use it.

2- I also need to create a totally new, empty role and then give this role many domains to enter: a main one for the user, and ones for the files.

3- Then I need to create a new domain. Actually, I know how to make the .fc and .te files (not fully the .te), and I know a bit about the .if, but can I get more information about making this and then deploying it?

I don't understand your question. You only need an .if file if other domains are going to interact with your new domain. Most user domain types do not need 'if' files.


Thank you very much.



------------------------------------------------------------------------

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Did you create /etc/selinux/targeted/contexts/users/

