new user domain

Daniel J Walsh dwalsh at redhat.com
Mon Jun 19 14:09:31 UTC 2006


Stefan wrote:
> Hi,
>
> I'd like to create a user with a type of e.g. backup. So when the 
> user logs in and types "id -Z"
> backup:user_r:backup_t:SystemLow-SystemHigh
> should be the right context.
>
> In the past I did this like that:
> full_user_role(backup)
> allow system_r backup_r
> allow sysadm_r backup_r
>
> undefine(`in_user_role')
> define(`in_user_role', `
> role user_r types $1;
> role second_r types $1;
> ')
>
> But now I'm using FC5 and things have changed. I searched a while and 
> found the macro "unpriv_user_template". So I created a policy module:
>
> policy_module(backup,1.0.0)
> unpriv_user_template(backup)
>
> and tried to compile it. But I get an error message:
>
> Compiling mls backup module
> /usr/bin/checkmodule:  loading policy configuration from tmp/backup.tmp
> backup.te:4:ERROR 'attribute userdomain is not declared' at token ';' 
> on line 57013:
> #line 4
>         type backup_t, userdomain;
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/backup.mod] Error 1
>
This is a bug in the policy package.  The template definition should have a
gen_require(`
       attribute  userdomain;
')

> Isn't this the right way? Did I do something wrong? Or how do you create 
> a new user domain?
>
> Best regards,
> Stefan
>
> PS: I'm using FC5 with the latest updates and the mls policy.
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
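
A text-level lint for the failure discussed above, as an added example that is not part of the original thread or of the policy package: it reports attributes that a `type` or `typeattribute` statement uses without a matching `attribute` declaration or require in the same text. The function name and both samples are constructed for illustration; checkmodule remains the authority on what compiles.

```python
import re

# Statements that declare (or require) an attribute, and statements that use one.
ATTR_DECL = re.compile(r"\battribute\s+(\w+)\s*;")
TYPE_STMT = re.compile(r"\btype\s+\w+(?:\s+alias\s+\w+)?((?:\s*,\s*\w+)*)\s*;")
TYPEATTR_STMT = re.compile(r"\btypeattribute\s+\w+\s+(\w+(?:\s*,\s*\w+)*)\s*;")

# Constructed sample: the statement checkmodule rejected in the post.
BROKEN = """
#line 4
        type backup_t, userdomain;
"""

# Constructed sample: the same statement preceded by the gen_require from the reply.
FIXED = """
gen_require(`
       attribute  userdomain;
')
type backup_t, userdomain;
"""

def undeclared_attributes(policy_text):
    """Return attributes attached to types but never declared or required."""
    # Strip comments and '#line' markers so they cannot hide or fake a statement.
    text = re.sub(r"#[^\n]*", "", policy_text)
    declared = set(ATTR_DECL.findall(text))
    used = set()
    for stmt in (TYPE_STMT, TYPEATTR_STMT):
        for match in stmt.finditer(text):
            used.update(re.findall(r"\w+", match.group(1)))
    return sorted(used - declared)

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed", FIXED)):
        missing = undeclared_attributes(sample)
        print(name, "->", missing or "all attributes declared")
```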
