FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 02-25-2009, 09:08 AM
prakash hallalli
 
Default SELinux user login problem

Hi All,

****** I have created myuser* user and i created custom module for user.
****** i* have followed same below steps.
** #vi myuser.te
************************ policy_module(myuser, 0.0.1)
************************ role myuser_r;

************************ userdom_unpriv_user_templete(myuser)

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 02-25-2009, 09:13 AM
Dominick Grift
 
Default SELinux user login problem

On Wed, 2009-02-25 at 15:38 +0530, prakash hallalli wrote:
> Hi All,
>
> I have created myuser user and i created custom module for
> user.
> i have followed same below steps.
> #vi myuser.te
> policy_module(myuser, 0.0.1)
> role myuser_r;
> userdom_unpriv_user_templete(myuser)
> --

cp /etc/selinux/targeted/contexts/users/user_u /etc/selinux/targeted/contexts/users/myuser

sudo semanage user -a -L s0 -r s0-s0 -R "myuser_r" -P user myuser

sudo useradd -Z myuser prakash

hth, Dominick
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 02-25-2009, 09:30 AM
Dominick Grift
 
Default SELinux user login problem

On Wed, 2009-02-25 at 15:38 +0530, prakash hallalli wrote:
> Hi All,
>
> I have created myuser user and i created custom module for
> user.
> i have followed same below steps.
> #vi myuser.te
> policy_module(myuser, 0.0.1)
> role myuser_r;
> userdom_unpriv_user_templete(myuser)

My previous example is incomplete. In this example i will show you
exactly how its done:

1. Create a source policy module:
_________________________________

mkdir ~/myuser; cd ~/myuser;
echo "policy_module(myuser, 0.0.1)" > myuser.te;
echo "role myuser_r;" >> myuser.te;
echo "userdom_unpriv_user_template(myuser)" >> myuser.te;

2. Build the source policy module:
__________________________________

make -f /usr/share/selinux/devel/Makefile

3. Install the binary policy module:
____________________________________

sudo semodule -i myuser.pp

4. Create default contexts for myuser:
______________________________________

echo "system_r:local_login_t:s0 myuser_r:myuser_t:s0"
> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:remote_login_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:sshd_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:crond_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:xdm_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_su_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_sudo_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:initrc_su_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser

5. Create a SELinux user mapping for myuser:
____________________________________________

sudo semanage user -a -L s0 -r s0-s0 -R "myuser_r" -P user myuser

6. Add new myuser user for prakash:
___________________________________

sudo useradd -Z myuser prakash



> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 04:47 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org