On 09/07/2016 03:00 PM, Stephen Smalley wrote: > On 09/07/2016 08:47 AM, Dominick Grift wrote: >> On 09/07/2016 02:36 PM, Stephen Smalley wrote: >>> On 09/07/2016 12:42 AM, Gary Tierney wrote: >>>> On Tue, Sep 06, 2016 at 03:13:17PM -0400, Stephen Smalley >>>> wrote: >>>>> On 09/06/2016 09:48 AM, Gary Tierney wrote: >>>>>> static int seuser_sort_func(const void *arg1, const void >>>>>> *arg2) @@ -1074,9 +1130,6 @@ static >>>>>> genhomedircon_user_entry_t >>>>>> *get_users(genhomedircon_settings_t * s, if (strcmp(name, >>>>>> DEFAULT_LOGIN) == 0) continue; >>>>>> >>>>>> - if (strcmp(name, TEMPLATE_SEUSER) == 0) - >>>>>> continue; - >>>>> >>>>> This yields a warning/error on Fedora: $ sudo semodule -B >>>>> libsemanage.add_user: user system_u not in password file >>>>> >>>> >>>> I can re-add this conditional to prevent outputting the >>>> warning, though is there a reason for a login named "system_u" >>>> ? >>> >>> crond used to require one in order to look up the context for >>> system cron jobs; I'm not sure if that is still required, but it >>> is still present in Fedora. >> >> https://git.fedorahosted.org/cgit/cronie.git/commit/?id=e5280235809844f54d5956ec281472b63dcfc3f4 > > Ok, >> > so maybe someone should file a bug on policy to remove system_u > from seusers? After first testing that it doesn't break anything. > > > https://github.com/DefenSec/dssp/commit/08b73d7c79945bec0307aec76c04fccda9e336a6 -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
