Fwd: SELinux user login problem

Dominick Grift domg472 at gmail.com
Wed Feb 25 10:35:05 UTC 2009


On Wed, 2009-02-25 at 16:01 +0530, prakash hallalli wrote:
> 
> Hi All,
> 
>        I have created a 'myuser' user and created a custom module policy
> for the user.
>        I have installed the module successfully, but when I log myuser
> in
>     I get a bash prompt.
> 
>        I followed the steps below to create the module.
> 
>    #vi myuser.te 
>                          policy_module(myuser, 0.0.1)
>                          role myuser_r; 
>                          userdom_unpriv_user_templete(myuser)
> 
> #make -f /usr/share/selinux/devel/Makefile
> #sudo semodule -i myuser.pp
> #semanage user -a -L s0 -r s0-s0 -L "myuser1_r" -P user myuser1
> 
> #useradd -Z myuser1 myuser1
> 
> I did all the steps. When I try to log in to the system, the following
> error is displayed.
> 
> gtt login: myuser
> password: XXXXXX
> 
> -bash:  /home/myuser/.bash_profile: Permission denied
> -bash-3.1$
> 
> Please tell me what I should do.

1. Create a source policy module:
_________________________________

mkdir ~/myuser; cd ~/myuser;
echo "policy_module(myuser, 0.0.1)" > myuser.te;
echo "role myuser_r;" >> myuser.te;
echo "userdom_unpriv_user_template(myuser)" >> myuser.te;

2. Build the source policy module:
__________________________________

make -f /usr/share/selinux/devel/Makefile

3. Install the binary policy module:
____________________________________

sudo semodule -i myuser.pp

4. Create default contexts for myuser:
______________________________________

echo "system_r:local_login_t:s0       myuser_r:myuser_t:s0" > /etc/selinux/targeted/contexts/users/myuser
echo "system_r:remote_login_t:s0      myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:sshd_t:s0              myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:crond_t:s0             myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:xdm_t:s0               myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_su_t:s0         myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_sudo_t:s0       myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:initrc_su_t:s0         myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_t:s0            myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser

5. Create a SELinux user mapping for myuser:
____________________________________________

sudo semanage user -a -L s0 -r s0-s0 -R "myuser_r" -P user myuser

6. Add new myuser user for prakash:
___________________________________

sudo useradd -Z myuser prakash



> Thanks,
> Prakash.
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
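
A consistency check for the inputs of steps 1, 4 and 5 in the reply above, as an added example that is not part of the original mail or of any SELinux tool. The names lint_seuser and make_sample and the sample files are assumptions for illustration; the check only compares text and does not query the loaded policy.

```sh
#!/bin/sh
# Added example: offline text lint for the inputs of steps 1, 4 and 5.
# Usage: lint_seuser PREFIX TE_FILE CONTEXTS_FILE SEMANAGE_ROLE
# Prints one line per problem; returns non-zero if any was found.
lint_seuser() {
    prefix=$1 te=$2 ctx=$3 role=$4 bad=0 n=0

    # Step 1: the module must declare the role and name the template exactly.
    grep -Eq "^[[:space:]]*role[[:space:]]+${prefix}_r;" "$te" ||
        { echo "te: missing 'role ${prefix}_r;'"; bad=1; }
    grep -Fq "userdom_unpriv_user_template(${prefix})" "$te" ||
        { echo "te: missing userdom_unpriv_user_template(${prefix})"; bad=1; }

    # Step 4: each line is "<from-context> <to-context>"; the to-context must
    # be the user's own role and type at level s0.
    while read -r from to rest; do
        n=$((n + 1))
        [ -z "$from" ] && continue
        case "$from" in
            *_r:*_t:s0) ;;
            *) echo "contexts:$n: malformed from-context '$from'"; bad=1 ;;
        esac
        [ "$to" = "${prefix}_r:${prefix}_t:s0" ] && [ -z "$rest" ] ||
            { echo "contexts:$n: unexpected to-context '$to'"; bad=1; }
    done < "$ctx"
    [ "$n" -gt 0 ] || { echo "contexts: file is empty"; bad=1; }

    # Step 5: the role passed to 'semanage user -R' must be the module's role.
    [ "$role" = "${prefix}_r" ] ||
        { echo "semanage: -R '$role' is not ${prefix}_r"; bad=1; }
    return "$bad"
}

# Constructed sample input (hypothetical helper): the step 1 module and two of
# the step 4 lines, written to a temporary directory instead of /etc/selinux.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'policy_module(myuser, 0.0.1)' 'role myuser_r;' \
        'userdom_unpriv_user_template(myuser)' > "$d/myuser.te"
    printf '%s\n' 'system_r:local_login_t:s0       myuser_r:myuser_t:s0' \
        'system_r:sshd_t:s0              myuser_r:myuser_t:s0' > "$d/myuser"
    echo "$d"
}

s=$(make_sample)
lint_seuser myuser "$s/myuser.te" "$s/myuser" myuser_r && echo "consistent"
lint_seuser myuser "$s/myuser.te" "$s/myuser" myuser1_r || echo "mismatch found"
rm -rf "$s"
```
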



