On Fri, 2008-02-22 at 13:09 -0600, Jeremiah Jahn wrote:
> Since I'm working with the refpolicy source can I set it up there, or
> does this have to be a file separate from the source?
The equivalent file in the refpolicy source tree would be
config/appconfig-(mcs|mls)/secstaff_u_default_contexts
> On Fri, 2008-02-22 at 14:01 -0500, Christopher J. PeBenito wrote:
> > On Fri, 2008-02-22 at 12:15 -0600, Jeremiah Jahn wrote:
> > > I can't seem to get the login to set the proper initial role for a user.
> > > Every time I login, I end up as auditadm, and not secstaff.
> > >
> > > I have the following in my policy:
> > [...]
> > > user secstaff_u roles { secstaff_r secadm_r auditadm_r } level s0 range s0 - s0;
> >
> > You want to make the file /etc/selinux/NAME/contexts/users/secstaff_u
> > with the default contexts that you want. You probably want at least
> > this:
> >
> > system_r:local_login_t:s0 auditadm_r:auditadm_t:s0
> > system_r:remote_login_t:s0 auditadm_r:auditadm_t:s0
> > system_r:sshd_t:s0 auditadm_r:auditadm_t:s0
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
