Fwd: SELinux user login problem
Dominick Grift
domg472 at gmail.com
Wed Feb 25 10:35:05 UTC 2009
On Wed, 2009-02-25 at 16:01 +0530, prakash hallalli wrote:
>
> Hi All,
>
> I have created 'myuser' user and created custom module policy
> for user.
> I have installed successfully module, but when i logging myuser
> in
> i will get bash prompt.
>
> I have followed as below steps for creating module.
>
> #vi myuser.te
> policy_module(myuser, 0.0.1)
> role myuser_r;
> userdom_unpriv_user_templete(myuser)
>
> #make -f /usr/share/selinux/devel/Makefile
> #sudo semodule i myuser.pp
> #semanage user a L s0 r s0s0 L "myuser1_r" P user myuser1
>
> #useradd Z myuser1 myuser1
>
> I did all the step when i try login in system following error will
> display.
>
> gtt login: myuser
> password: XXXXXX
>
> -bash: /home/myuser/.bash_profile: Permission denied
> -bash-3.1$
>
> Please give what should i have to do.
1. Create a source policy module:
_________________________________
mkdir ~/myuser; cd ~/myuser;
echo "policy_module(myuser, 0.0.1)" > myuser.te;
echo "role myuser_r;" >> myuser.te;
echo "userdom_unpriv_user_template(myuser)" >> myuser.te;
2. Build the source policy module:
__________________________________
make -f /usr/share/selinux/devel/Makefile
3. Install the binary policy module:
____________________________________
sudo semodule -i myuser.pp
4. Create default contexts for myuser:
______________________________________
echo "system_r:local_login_t:s0 myuser_r:myuser_t:s0"
> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:remote_login_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:sshd_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:crond_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:xdm_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_su_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_sudo_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:initrc_su_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_t:s0 myuser_r:myuser_t:s0"
>> /etc/selinux/targeted/contexts/users/myuser
5. Create a SELinux user mapping for myuser:
____________________________________________
sudo semanage user -a -L s0 -r s0-s0 -R "myuser_r" -P user myuser
6. Add new myuser user for prakash:
___________________________________
sudo useradd -Z myuser prakash
> Thanks,
> Prakash.
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list