On Fri, 2012-02-10 at 14:06 -0500, Konstantin Ryabitsev wrote:
> Hi, all:
>
> I'm trying to lock down the gitolite user by creating a user role that
> would be pretty much "guest_u" plus permission to transition to
> gitosis_t.
>

This might work:

mkdir ~/mygito; cd ~/mygito;
echo "policy_module(mygito, 1.0.0)" > mygito.te;
echo "role mygito_r;" >> mygito.te;
echo "userdom_restricted_user_template(mygito)" >> mygito.te;
echo "gitosis_run(mygito_t, mygito_r)" >> mygito.te;
echo "gen_user(mygito_u, user, mygito_r, s0, s0)" >> mygito.te;
make -f /usr/share/selinux/devel/Makefile mygito.pp
sudo semodule -i mygito.pp
useradd -Z mygito_u mygito
passwd mygito

> I've not yet written a user role policy, so I'm not sure where I should
> start.
>
> Best,
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux