We're currently running into issues attempting to get a default context for a newly added SELinux user. The user has been added with semanage, and associated with a few roles. There are role declarations and allows (to and from the "scon" role) in place in the policy. We've also added entries to /etc/selinux/mls/contexts/{default_contexts,users/foo_u} to facilitate getting a default context for the SELinux user.

The desire is to switch security labels based on the specified user's default context, like so:

root:staff_r:staff_t:s0 -> foo_u:foo_r:foo_t:s0

We're using a call to `get_default_context("foo_u", "root:staff_r:staff_t:s0", &new_context)` to get the default, but that doesn't seem to be working. In testing with a more verbose version of security_compute_user_raw, we noticed that the list of available contexts for foo_u is empty. This behavior has been noted for staff_u as well.

Curious to know if there's something glaringly obvious that we're missing.

Respectfully,
Mike