Re: unconfineduser module?

----- Original Message -----
> From: "Robin Lee Powell" <rlpowell@xxxxxxxxxxxxxxxxxx>
> To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Friday, April 22, 2016 2:21:41 PM
> Subject: unconfineduser module?
> 
> 
> So my impression is that the "unconfined" module is the "man, users
> do weird stuff" grab-bag module, and that it is good and helpful to
> run without it because *in theory*, nothing should actually need
> the unconfined module to work.
> 
> I noticed on my system that there's also an unconfineduser module,
> but that I can't disable it:
> 
> # semodule -d unconfineduser
> Failed to resolve 'unconfined_u' in selinuxuser statement at line 19116 of
> /var/lib/selinux/targeted/tmp/modules/100/base/cil
> semodule:  Failed!
> 

Basically you can't disable unconfineduser while still logged in as unconfined_t.

# id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

> And so I'm vaguely curious as to what that module is for and how it
> relates to the unconfined module; "man unconfined_selinux" does not
> make it obvious.

http://danwalsh.livejournal.com/42394.html

> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx

-- 
Simon Sekidde * Red Hat, Inc. * Westford, MA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E 
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
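
Added example (not part of the original thread, and not Red Hat's or the SELinux project's code): a pre-flight check for the situation in the reply above, which parses the `id -Z` context and a login table before `semodule -d unconfineduser` is attempted. The function names and sample data are constructed; it is an assumption here that the "selinuxuser statement" in the error refers to the login mappings listed by `semanage login -l`.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.
SAMPLE_CONTEXT='unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023'
SAMPLE_LOGINS='Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
alice                staff_u              s0-s0:c0.c1023       *'

# Split a context into user, role, type and range. The range can contain
# colons itself (s0-s0:c0.c1023), so only the first three fields are cut.
parse_context() {
    case $1 in *:*:*) ;; *) return 1 ;; esac
    rest=$1
    CTX_USER=${rest%%:*}; rest=${rest#*:}
    CTX_ROLE=${rest%%:*}; rest=${rest#*:}
    CTX_TYPE=${rest%%:*}
    case $rest in *:*) CTX_RANGE=${rest#*:} ;; *) CTX_RANGE= ;; esac
}

# True when the context is an unconfined login, as in the reply's `id -Z`.
session_is_unconfined() {
    parse_context "$1" || return 2
    [ "$CTX_USER" = unconfined_u ] || [ "$CTX_TYPE" = unconfined_t ]
}

# Login names mapped to unconfined_u, read from `semanage login -l` on stdin.
# Assumption: these mappings are what the "selinuxuser statement" in the
# error message refers to.
logins_mapped_unconfined() {
    awk '$2 == "unconfined_u" { print $1 }'
}

# $1 = current context, stdin = login table. Returns 0 only when nothing
# found here would stand in the way of `semodule -d unconfineduser`.
preflight() {
    mapped=$(logins_mapped_unconfined | tr '\n' ' ')
    if session_is_unconfined "$1"; then
        echo "blocked: session is $CTX_USER:$CTX_ROLE:$CTX_TYPE"; return 1
    fi
    if [ -n "$mapped" ]; then
        echo "blocked: logins mapped to unconfined_u: $mapped"; return 1
    fi
    echo "ok: no unconfined session or login mapping found"
}

# On a real host: semanage login -l | preflight "$(id -Z)"
printf '%s\n' "$SAMPLE_LOGINS" | preflight "$SAMPLE_CONTEXT" || true
```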



