06-30-2008, 10:26 AM
Jonathan Stott

Creating a custom user role

Hi

I'm on FC9, and I would like to create a user based on guest_u who is almost as unprivileged as that role, but is allowed to ssh out.

So I opened up the polgengui tool kit and selected 'minimal terminal user role'

I then also allowed it access to the guest role as an additional role. (I'm not sure if this step is required)

I then allowed the role to connect to port 22

And then made the policy files.

On running the script, I got the message '/usr/sbin/semanage: You must specify a prefix', which led me to look a little closer at the generated file. One thing I noticed was that amongst the roles to be assigned to the new role was 'system_r', which I believe is the system administration role, so removing that and adding a prefix of user, I could then run the script and install the role.

Adding it as the role for the user I want to allow ssh access out to, I then tried to login, which got me the message

Unable to get valid context for username

Setting the user to guest_u or user_u works fine, though. What did I do wrong?

Regards,
Jonathan.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
07-03-2008, 06:38 PM
Daniel J Walsh

Creating a custom user role

Jonathan Stott wrote:
> Hi
>
> I'm on FC9, and I would like to create a user based on guest_u who is almost as unprivileged as that role, but is allowed to ssh out.
>
> So I opened up the polgengui tool kit and selected 'minimal terminal user role'
>
> I then also allowed it access to the guest role as an additional role. (I'm not sure if this step is required)
>
> I then allowed the role to connect to port 22
>
> And then made the policy files.
>
> On running the script, I got the message '/usr/sbin/semanage: You must specify a prefix', which led me to look a little closer at the generated file. One thing I noticed was that amongst the roles to be assigned to the new role was 'system_r', which I believe is the system administration role, so removing that and adding a prefix of user, I could then run the script and install the role.
>
> Adding it as the role for the user I want to allow ssh access out to, I then tried to login, which got me the message
>
> Unable to get valid context for username
>
> Setting the user to guest_u or user_u works fine, though. What did I do wrong?
>
> Regards,
> Jonathan.
Grab the policycoreutils in Fedora Updates.

This item should be fixed there.