MCS
Daniel J Walsh
dwalsh at redhat.com
Mon Oct 31 14:38:30 UTC 2005
Gene Czarcinski wrote:
> OK, I am starting to work with MCS.
>
> First I added some categories to setrans.conf:
> s0:c1=moonbeam
> s0:c2=test2
> s0:c3=test3
>
>
> Then I added a user to seusers:
> gc:user_r:s0:c0.c15
>
> Then I logged into that user.
>
> All new (written to?) files get created with s0:c0.c15 like:
> -rw-r--r-- gc gc user_u:object_r:user_home_t:s0:c0.c15
> bookmarks1.html
>
You want to specify
gc:user_u:s0-s0:c0.c15
This sets up user gc to be an SELinux user user_u with a range of
Categories from s0-s0:c0.c15. By default he will login with level s0
and all files will be created as s0. If you want to create a file under
a different category you can use chcon or chcat to create it.
> including some in /tmp:
> drwx------ gc gc user_u:object_r:tmp_t:s0:c0.c15 orbit-gc
> drwx------ gc gc user_u:object_r:tmp_t:s0:c0.c15 gconfd-gc
>
>
> Shouldn't they default to nothing and only get set if I do a chcat?
>
> BTW, I seem to remember that there were some gripe messages during bootup
> about the files in /tmp ... nothing in /var/log/* or dmesg.
>
> Bug, feature, or what am I doing wrong?
>
> Gene
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
More information about the fedora-selinux-list
mailing list