02-10-2012, 06:06 PM
Konstantin Ryabitsev

User role and transitioning

Hi, all:

I'm trying to lock down the gitolite user by creating a user role that
would be pretty much "guest_u" plus permission to transition to
gitosis_t.

I've not yet written a user role policy, so I'm not sure where I should
start.

Best,
--
Konstantin Ryabitsev
Systems Administrator
The Linux Foundation
Montréal, Québec
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
02-10-2012, 06:18 PM
Dominick Grift

User role and transitioning

On Fri, 2012-02-10 at 14:06 -0500, Konstantin Ryabitsev wrote:
> Hi, all:
>
> I'm trying to lock down the gitolite user by creating a user role that
> would be pretty much "guest_u" plus permission to transition to
> gitosis_t.
>

This might work:

mkdir ~/mygito; cd ~/mygito;

echo "policy_module(mygito, 1.0.0)" > mygito.te;
echo "role mygito_r;" >> mygito.te;
echo "userdom_restricted_user_template(mygito)" >> mygito.te;
echo "gitosis_run(mygito_t, mygito_r)" >> mygito.te;
echo "gen_user(mygito_u, user, mygito_r, s0, s0)" >> mygito.te;

make -f /usr/share/selinux/devel/Makefile mygito.pp
sudo semodule -i mygito.pp

useradd -Z mygito_u mygito
passwd mygito


> I've not yet written a user role policy, so I'm not sure where I should
> start.
>
> Best,


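A post-install check for the steps in the reply above, added here as an example and not part of the original thread: it parses `semanage user -l` and `semanage login -l` output to confirm that mygito_u holds only mygito_r and that the mygito login maps to it. The function names are hypothetical, the sample output is constructed, and the column layout assumes an MLS/MCS-enabled policy such as Fedora's targeted policy.

```shell
#!/bin/sh
# Added example: parsers read command output on stdin, so on a real host use
#   semanage user -l  | roles_for_seuser mygito_u
#   semanage login -l | seuser_for_login mygito

# Print the roles of SELinux user $1 from `semanage user -l` output.
# Assumed columns: user, labeling prefix, MLS level, MLS range, roles...
roles_for_seuser() {
    awk -v u="$1" '$1 == u {
        s = ""
        for (i = 5; i <= NF; i++) s = s (i > 5 ? " " : "") $i
        print s
    }'
}

# Print the SELinux user that Linux login $1 maps to (`semanage login -l`).
seuser_for_login() {
    awk -v l="$1" '$1 == l { print $2 }'
}

# Succeed only if SELinux user $1 holds exactly the single role $2.
seuser_locked_to_role() {
    [ "$(roles_for_seuser "$1")" = "$2" ]
}

# Constructed sample of `semanage user -l` output after loading mygito.pp.
sample_user_list() {
    cat <<'EOF'
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range          SELinux Roles

guest_u         user       s0         s0                 guest_r
mygito_u        user       s0         s0                 mygito_r
staff_u         user       s0         s0-s0:c0.c1023     staff_r sysadm_r
EOF
}

# Constructed sample of `semanage login -l` output after the useradd -Z step.
sample_login_list() {
    cat <<'EOF'
Login Name           SELinux User         MLS/MCS Range

__default__          unconfined_u         s0-s0:c0.c1023
mygito               mygito_u             s0
EOF
}

# Demonstration on the constructed samples.
sample_user_list | roles_for_seuser mygito_u
sample_login_list | seuser_for_login mygito
```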
 
