On 08/22/2016 04:22 PM, Gary Tierney wrote:
> From: Gary Tierney <selinux@xxxxxxxxxxxxx>
>
> Re-spin of my original patch that adds support for logins mapped using the
> group %syntax to genhomedircon. This version includes fixes for the issues
> raised by Jason and splits the bugfix into a separate commit.
>
> There was a bit of confusion about the MLS level, I think, since semanage-user
> supports a default MLS level and not semanage-login. So it wouldn't be possible
> for a login to have a more specific level than the fallback login in that case.
> Though the bugfix still addresses an issue with home directories outside of
> /home / LU_HOMEDIRCETORY and is required for the second commit.

semanage login can set a more limited range for a Linux user than what
is allowed for the SELinux user. Thus, you can have a single SELinux
user that is authorized for a wider range but narrow its scope on a
per-Linux-user basis via semanage login.

>
> Gary Tierney (2):
>   genhomedircon: generate contexts for logins mapped to the default user
>   genhomedircon: add support for %group syntax
>
>  libsemanage/src/genhomedircon.c | 314 +++++++++++++++++++++++++++++++---------
>  1 file changed, 243 insertions(+), 71 deletions(-)
>