On Thu, Nov 11, 2010 at 10:07:44AM +0100, Jan-Frode Myklebust wrote: > Our userdatabase is in an LDAP directory, and home directories for these > are created on demand by pam_oddjob_mkhomedir on first login. Is there > any way of defaulting to create all users as selinux user "user_u" -- > instead of the default "unconfined_u" ? i think you want semanage login -m -s user_u -r s0-s0 __default__ > > It would be preferable to do this trough PAM, so that it only applies to > users affected by password authenticated users > (/etc/pam.d/password-auth-ac), and not to any system accounts that are > created trough f.ex. RPM. > > > -jf > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message.
Attachment:
pgpGq6ndWfKFc.pgp
Description: PGP signature
