Re: User role and transitioning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2012-02-10 at 14:06 -0500, Konstantin Ryabitsev wrote:
> Hi, all:
> 
> I'm trying to lock down the gitolite user by creating a user role that
> would be pretty much "guest_u" plus pemission to transition to
> gitosis_t.
> 

This might work:

mkdir ~/mygito; cd ~/mygito;

echo "policy_module(mygito, 1.0.0)" > mygito.te;
echo "role mygito_r;" >> mygito.te; 
echo "userdom_restricted_user_template(mygito)" >> mygito.te;
echo "gitosis_run(mygito_t, mygito_r)" >> mygito.te; 
echo "gen_user(mygito_u, user, mygito_r, s0, s0)" >> mygito.te;

make -f /usr/share/selinux/devel/Makefile mygito.pp
sudo semodule -i mygito.pp

useradd -Z mygito_u mygito
passwd mygito


> I've not yet written a user role policy, so I'm not sure where I should
> start.
> 
> Best,
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux