SELinux Mailing List

Re: Bug in the semanage user management code or genhomedircon?

From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Fri, 17 Mar 2006 07:46:46 -0500


On Fri, 2006-03-17 at 08:11 +0100, Thomas Bleher wrote:
> * Ivan Gyurdiev <ivg2@cornell.edu> [2006-03-16 23:53]:
> >
> > >What am I doing wrong?
> > >
> > Can you let me know what you see with the following policycoreutils
> > patch, when you try the same thing (do semanage user -l, should show the
> > labeling prefix for each user).
>
> OK, this seems to show the problem:
> # semanage user -l
>
>                 Labeling   MLS/        MLS/
> SELinux User    Prefix     MCS Level   MCS Range        SELinux Roles
>
> root            user       s0          s0-s0:c0.c255    system_r sysadm_r staff_r
> staff_u         user       s0          s0-s0:c0.c255    sysadm_r staff_r
> sysadm_u        user       s0          s0-s0:c0.c255    sysadm_r
> system_u        user       s0          s0-s0:c0.c255    system_r
> user_u          user       s0          s0               user_r
>
> Where is the labeling prefix set? Or better, where can I change it?

It is supplied by an auxiliary file, users_extra, that is now an optional part of the policy module package format, to provide an explicit mapping from SELinux users to labeling prefixes. The original genhomedircon was (improperly) making assumptions about the significance of the ordering of roles in the policy/users file (as that ordering had no inherent meaning to SELinux and was lost upon policy compilation) and naturally also required access to that source file, whereas it now uses libsemanage to access an explicit mapping file supplied with the policy.

# cat /etc/selinux/mls/modules/active/users_extra
user user_u prefix user;
user staff_u prefix staff;
user sysadm_u prefix sysadm;
user root prefix sysadm;

-- 
Stephen Smalley
National Security Agency


Received on Fri 17 Mar 2006 - 07:41:47 EST
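
An added example, not part of the original messages and not policycoreutils code: a small Python check that parses users_extra statements of the form shown above and compares them with the prefix column of a `semanage user -l` listing, reporting every SELinux user whose displayed prefix differs from, or is missing in, users_extra. The function names are hypothetical, the sample inputs are copied from the two messages purely as test data, and the parser assumes only the `user <name> prefix <prefix>;` statement form seen on this page.

```python
import re

# Statement form as shown in the message: "user <seuser> prefix <prefix>;"
EXTRA_RE = re.compile(r"^\s*user\s+(\S+)\s+prefix\s+(\S+)\s*;\s*$")
# Data row of `semanage user -l`: user, prefix, level, range, roles.
# Header lines do not match because their third/fourth fields are not levels.
ROW_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(s\d\S*)\s+(s\d\S*)\s+(\S.*)$")

def parse_users_extra(text):
    """Return {seuser: prefix}; reject lines that are not in the known form."""
    mapping = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = EXTRA_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: unrecognised statement: {line!r}")
        mapping[m.group(1)] = m.group(2)
    return mapping

def parse_semanage_users(text):
    """Return {seuser: prefix} from `semanage user -l` output."""
    return {m.group(1): m.group(2)
            for m in map(ROW_RE.match, text.splitlines()) if m}

def compare(listing, extra):
    """List (seuser, shown_prefix, users_extra_prefix or None) for mismatches."""
    return [(u, shown, extra.get(u))
            for u, shown in sorted(listing.items()) if extra.get(u) != shown]

# Sample inputs taken from the messages on this page (test data only).
USERS_EXTRA = """user user_u prefix user;
user staff_u prefix staff;
user sysadm_u prefix sysadm;
user root prefix sysadm;
"""
LISTING = """                Labeling   MLS/        MLS/
SELinux User    Prefix     MCS Level   MCS Range        SELinux Roles

root            user       s0          s0-s0:c0.c255    system_r sysadm_r staff_r
staff_u         user       s0          s0-s0:c0.c255    sysadm_r staff_r
sysadm_u        user       s0          s0-s0:c0.c255    sysadm_r
system_u        user       s0          s0-s0:c0.c255    system_r
user_u          user       s0          s0               user_r
"""

if __name__ == "__main__":
    extra = parse_users_extra(USERS_EXTRA)
    for user, shown, expected in compare(parse_semanage_users(LISTING), extra):
        print(f"{user}: listing shows {shown!r}, users_extra has {expected!r}")
```

On a live system the two inputs would be the contents of the active users_extra file and the output of `semanage user -l` from the same policy store.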
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009
