Dominick, Thanks for the response. > You do not need to create a selinux user for that i believe. > > This is a system user. It does not have a login shell This service executes as it's own linux user, which doesn't have a login shell. This user is only used for this service. Because this dedicated linux user is executing this service, I wanted to create an selinux user to match. > Regardless of the above i will below show you how to create new confined users > > I will touch on two login users. A unprivileged login user and a restricted login user As mentioned above, this is not a login user. > semanage user -a -L s0 -r s0-s0 -R "myrestrictedloginuser_r" -P user myrestrictedloginuser_u This semanage line is what I was trying to avoid. I would like to create the selinux user in the module so I can use it in the .fc file. I understand the module I included does nothing useful. It was merely a simplified example of the problem I am experiencing. To reiterate, when I comment out the 'allow' line, the module compiles. When I comment out the 'gen_user' line, the module compiles. With both lines active, the module fails to compile. Thanks, Andrew -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
