Hi list,
we have a report about a possible regression in "semanage user" and I'd
like to hear your opinion on what the correct behaviour should be.
Given that local changes have been made to a SELinux user definition
(originally defined in policy), e.g.
    # semanage user -m staff_u -r "s0"
and the SELinux user is mapped to some Linux user
    # semanage login -a -s staff_u staff
both
    # semanage user -d staff_u
and
    # semanage user --deleteall
will fail to remove the local change with the following message:
"libsemanage.lookup_seuser: staff_u is being used by staff login record
(Invalid argument)."
Is this the intended behaviour?
I would assume that this error message was intended only for locally
defined SELinux users (in which case "semanage user -d selinux_user"
would remove the only definition of "selinux_user"). If so, is there any
way to determine if a SELinux user has been defined only locally (as
opposed to being defined in policy) after some local changes have been made?
Best regards,
Vit Mojzis