Hi. We have lot of guest_u users don't want to use 'guest_exec_content', which will enable access to all users. SELinux User Capabilities lists guest_u has "X-windows=no, su/sudo=no , home/tmp execute perm=no , networking=no" Is it possible to add new role like 'eguest_u' "X-windows=no, su/sudo=no , home/tmp execute perm=yes , networking=no" Alternate method will be, Removing network support from "user_u". Thanks for any pointers. ---- Cheers, Lakshmipathi.G http://www.giis.co.in http://www.webminal.org http://www.btrfs.in _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx