I have successfully rebuilt the policy with UBAC turned on. Now, I'm writing a policy to define some new types for users' files and I need to set up file contexts for every user in the platform. I see that the file file_contexts.homedirs uses a template in order to determine what rules must be added each time a new user is created. Is it possible to add new rules in this template from a custom policy module, or do I need to recompile the entire policy with my modifications?

Thanks.

On Wednesday 15 September 2010 11:57:31 Dominick Grift wrote:
> On 09/15/2010 11:23 AM, Roberto Sassu wrote:
> > On Wednesday 15 September 2010 10:50:44 Roberto Sassu wrote:
> >> Hi all
> >>
> >> I want to use the UBAC feature in order to isolate users from each other.
> >> I created two users user1_u and user2_u mapped respectively to user1 and user2, and
> >> I assigned them the role user_r.
> >> Then I created two directories 'a' and 'b' labeled respectively user1_u:object_r:user_home_t:s0
> >> and user2_u:object_r:user_home_t:s0. What I'm expecting is that user1 can access 'a' and not 'b',
> >> vice versa for user2, but user1 is allowed to access both directories.
> >>
> >> --
> >> This message was distributed to subscribers of the selinux mailing list.
> >> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> >> the words "unsubscribe selinux" without quotes as the message.
> >>
> >
> > Oh, sorry. I have not seen that the UBAC variable is overwritten in the Fedora rpm spec file.
>
> Yes, Fedora disabled it. It can be enabled by modifying the spec file and
> rebuilding the rpm.
>
> I have it enabled and it works pretty well with some exceptions.
>
> > --
> > selinux mailing list
> > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux