creating a new user

Stephen Smalley sds at tycho.nsa.gov
Thu Sep 28 17:44:30 UTC 2006


On Wed, 2006-09-27 at 21:49 -0400, Sandra Julieta Rueda Rodriguez
wrote: 
> Hello,
> 
> I just executed the given instructions (semodule -n -r) to fix the problem
> with semodule and now everything is working ok. Thanks.
> 
> Now I have a different problem ....
> 
> I am trying to create a new user. I added it to the file local.users in
> the src directory and also to /etc/selinux/strict/users/local.users. I
> tried first to modify only the one in src but it did not work, so I also
> modified the other one.

local.users is deprecated in FC5, and only looked at if SETLOCALDEFS=1
in /etc/selinux/config.  In FC5 and later, user manipulation is done via
semanage, and makes use of a separate mapping from Linux users to
SELinux user identities (the seusers mapping), so that one can
add/remove/modify Linux users without modifying kernel policy at all.
semanage login manipulates this mapping.  semanage user can also be used
to manipulate SELinux user identities, but you generally shouldn't need
to do that - typically you would just have one SELinux user identity per
logical role, and then map Linux users to those SELinux user identities.

> Since I am working based on refpolicy (I already run make install-src) and
> the instructions I have found are for previous versions I am not sure if I
> need to run make policy, and then install.  Just to be sure I tried, make
> policy worked ok, but make install does not work ...

Um, you do know that FC5 policy is also based on refpolicy, right?  And
that you should be doing a modular policy build even if you are building
from the upstream refpolicy, so that you can continue to use semodule
and semanage?  

> I guess I am doing something wrong ... could anybody help me with that?
> 
> This is the output of make install:
> Validating strict file_contexts.
> /usr/sbin/setfiles -q -c /etc/selinux/strict/policy/policy.20
> file_contexts
> libsepol.context_from_record: user rueda is not defined
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert rueda:staff_r:staff_t to sid
> file_contexts:  line 2149 has invalid context
> make: *** [/etc/selinux/strict/contexts/files/file_contexts] Error 1
> 
> rueda is the user I am trying to create by adding it to the local.users
> file. I am also trying to use it as part of the context for a file.


-- 
Stephen Smalley
National Security Agency
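
The seusers mapping described in the reply above, as an added example that is not part of the original message: a small resolver showing how a Linux login is mapped to an SELinux user identity without the login being defined in kernel policy. The sample mapping is constructed, the function names are hypothetical, and the lookup order (exact name, then `%group`, then `__default__`) follows current libselinux behaviour, which is an assumption for FC5.

```python
# Added example, not from the original thread. The mapping below is a
# constructed sample in seusers format: linux_name:selinux_user[:mls_range]
SAMPLE_SEUSERS = """\
# constructed sample mapping
root:root:s0-s0:c0.c255
rueda:staff_u:s0
%wheel:sysadm_u:s0-s0:c0.c255
__default__:user_u:s0
"""


def parse_seusers(text):
    """Return a list of (linux_name, selinux_user, mls_range_or_None)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The MLS range may itself contain ':' (s0-s0:c0.c255), so split
        # at most twice and keep the remainder intact as the range.
        parts = line.split(":", 2)
        if len(parts) < 2 or not parts[0] or not parts[1]:
            raise ValueError(f"line {lineno}: malformed seusers entry")
        entries.append((parts[0], parts[1], parts[2] if len(parts) == 3 else None))
    return entries


def resolve(login, groups, entries):
    """Map a Linux login to (selinux_user, range), or None if nothing matches.

    Assumed order: exact login name wins, then the first %group entry the
    login belongs to, then the __default__ entry.
    """
    group_hit = default = None
    for name, seuser, mls_range in entries:
        if name == login:
            return seuser, mls_range
        if name.startswith("%"):
            if group_hit is None and name[1:] in groups:
                group_hit = (seuser, mls_range)
        elif name == "__default__" and default is None:
            default = (seuser, mls_range)
    return group_hit or default


if __name__ == "__main__":
    table = parse_seusers(SAMPLE_SEUSERS)
    for login, groups in [("rueda", set()), ("alice", {"wheel"}), ("bob", set())]:
        print(login, "->", resolve(login, groups, table))
```

On a real system the mapping is managed with `semanage login` rather than edited by hand, as the reply says.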



