On Wed, Nov 12, 2014 at 2:50 PM, Steve Lawrence <slawrence@xxxxxxxxxx> wrote:
> The sixth release candidate for the next release of SELinux Userspace
> [1] is now available.
[...]
> Please give this a test and let us know if you find any problems.
Hi Steve & SELinux folks
With 2.4, I noticed that the user mapping now includes the "object_r" role:
# semanage user -l
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range
SELinux Roles
root user s0 s0-s0:c0.c1023
object_r staff_r sysadm_r
staff_u user s0 s0
staff_r sysadm_r system_r
sysadm_u user s0 s0-s0:c0.c1023
object_r sysadm_r
system_u user s0 s0-s0:c0.c1023
object_r system_r
unconfined_u user s0 s0-s0:c0.c1023
object_r unconfined_r
user_u user s0 s0
object_r user_r
With 2.3, the "object_r" role was not in the list of allowed roles.
Now, I tried to remove the "object_r" role from one of my test VMs but
that totally screwed up the image (system froze, and reboot failed).
I'm not sure if I'm allowed to remove it or not now. If I should, I'll
investigate it further and see if I can get denials or other
information from it.
Wkr,
Sven Vermeulen
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
