According to
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/SELinux_Users_and_Administrators_Guide/index.html
(Table 3.1), guest_u can't use networking. What does this mean, regular
users on non-SELinux systems can't modify network parameters?

There are a few non-integrated aspects surrounding restricted users;
I'm wondering if this is going to be rectified in the future, or is there
an underlying reason it was done? Examples:

User deletion doesn't automatically remove any SELinux definition for
that user. I experimented enough to learn that, if a user is deleted
without removing the SELinux context and later a user with the same name
is created, then it will automatically have the previously-defined
SELinux context. I saw the warnings when using useradd and userdel but
wondered why the process wasn't just integrated.

Changing a user to be restricted also requires using 'chcon -R' on their
home directory; is there a reason this isn't integrated?

If a user is made restricted and root then does 'su - <user>', 'id -Z'
doesn't report the restricted context even though whoami reports the
restricted user name. Is this "by design"?
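The leftover-mapping case described in the message above can be audited with a short script. This is an added example, not part of the original post: it compares `semanage login -l` style output against a passwd-format file and reports login mappings with no matching account. The function names and sample data are constructed, and it assumes accounts are listed in the passwd-format file supplied.

```shell
#!/bin/sh
# Added example, not from the original post.
# List SELinux login mappings whose Linux account no longer exists.
# $1 = passwd-format file; stdin = output of `semanage login -l`.
orphaned_selinux_logins() {
    awk -v pw="$1" '
        BEGIN {
            # Collect the account names that currently exist.
            while ((getline line < pw) > 0) {
                split(line, f, ":")
                exists[f[1]] = 1
            }
        }
        NF < 2                         { next }  # blank line
        $1 == "Login" && $2 == "Name"  { next }  # column header
        $1 == "__default__"            { next }  # fallback mapping, not an account
        $1 ~ /^%/                      { next }  # group mapping (%group)
        !($1 in exists)                { print $1, $2 }
    '
}

# Constructed sample data so the check runs offline.
sample_passwd() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash'
}
sample_mappings() {
    printf '%s\n' \
        'Login Name           SELinux User         MLS/MCS Range        Service' \
        '' \
        '__default__          unconfined_u         s0-s0:c0.c1023       *' \
        'root                 unconfined_u         s0-s0:c0.c1023       *' \
        'alice                user_u               s0                   *' \
        'bob                  guest_u              s0                   *' \
        '%contractors         xguest_u             s0                   *'
}

demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    sample_mappings | orphaned_selinux_logins "$tmp"
    rm -f "$tmp"
}
demo   # prints: bob guest_u
```

On a live host, pipe `semanage login -l` into `orphaned_selinux_logins /etc/passwd`; a reported mapping can be removed with `semanage login -d <login>` before the name is reused.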