SELinux user login problem
Dominick Grift
domg472 at gmail.com
Wed Feb 25 10:30:22 UTC 2009
On Wed, 2009-02-25 at 15:38 +0530, prakash hallalli wrote:
> Hi All,
>
> I have created myuser user and I created custom module for
> user.
> I have followed same below steps.
> #vi myuser.te
> policy_module(myuser, 0.0.1)
> role myuser_r;
> userdom_unpriv_user_templete(myuser)
My previous example is incomplete. In this example I will show you
exactly how it's done:
1. Create a source policy module:
_________________________________
mkdir ~/myuser; cd ~/myuser;
echo "policy_module(myuser, 0.0.1)" > myuser.te;
echo "role myuser_r;" >> myuser.te;
echo "userdom_unpriv_user_template(myuser)" >> myuser.te;
2. Build the source policy module:
__________________________________
make -f /usr/share/selinux/devel/Makefile
3. Install the binary policy module:
____________________________________
sudo semodule -i myuser.pp
4. Create default contexts for myuser:
______________________________________
echo "system_r:local_login_t:s0 myuser_r:myuser_t:s0" > /etc/selinux/targeted/contexts/users/myuser
echo "system_r:remote_login_t:s0 myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:sshd_t:s0 myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:crond_t:s0 myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:xdm_t:s0 myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_su_t:s0 myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_sudo_t:s0 myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "system_r:initrc_su_t:s0 myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
echo "myuser_r:myuser_t:s0 myuser_r:myuser_t:s0" >> /etc/selinux/targeted/contexts/users/myuser
5. Create a SELinux user mapping for myuser:
____________________________________________
sudo semanage user -a -L s0 -r s0-s0 -R "myuser_r" -P user myuser
6. Add new myuser user for prakash:
___________________________________
sudo useradd -Z myuser prakash
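A lint for the default contexts file written in step 4, as an added example that is not part of the original message: it rejects an empty file, lines with no target context, and targets that do not use the expected role. The function name check_default_contexts and the sample files are constructed here, and the role:type[:level] pattern is an assumption matching the entries shown in step 4.

```shell
#!/bin/sh
# Added example: lint a per-user default contexts file before relying on it.
# Usage: check_default_contexts FILE ROLE   (returns 0 if clean, 1 if not)
check_default_contexts() {
    file=$1; role=$2
    # An empty file is what step 4 leaves behind if the redirections are lost.
    [ -s "$file" ] || { echo "$file: missing or empty"; return 1; }
    awk -v role="$role" '
        # role:type with an optional :level (assumed form, as used in step 4)
        function ok(c) { return c ~ /^[A-Za-z0-9_]+:[A-Za-z0-9_]+(:s[0-9].*)?$/ }
        /^[ \t]*#/ { next }     # comment line
        NF == 0    { next }     # blank line
        NF < 2 { printf "line %d: no target context\n", NR; bad = 1; next }
        {
            for (i = 1; i <= NF; i++)
                if (!ok($i)) { printf "line %d: malformed context %s\n", NR, $i; bad = 1 }
            for (i = 2; i <= NF; i++) {
                split($i, part, ":")
                if (part[1] != role) {
                    printf "line %d: target role %s is not %s\n", NR, part[1], role
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample input: two good lines from step 4, then two broken files.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'system_r:sshd_t:s0 myuser_r:myuser_t:s0' \
    'system_r:crond_t:s0 myuser_r:myuser_t:s0' > "$demo_dir/good"
: > "$demo_dir/empty"
printf '%s\n' \
    'system_r:sshd_t:s0 myuser_r:myuser_t:s0' \
    'system_r:xdm_t:s0' \
    'system_r:crond_t:s0 user_r:myuser_t:s0' > "$demo_dir/bad"

for f in good empty bad; do
    if check_default_contexts "$demo_dir/$f" myuser_r; then
        echo "$f: ok"
    else
        echo "$f: rejected"
    fi
done
```

On a real system the call would be check_default_contexts /etc/selinux/targeted/contexts/users/myuser myuser_r, run after step 4 and before step 6.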