SELinux questions NewSElinux user, New role, new domain

[Mohamed Aburowais]

Hello,
I'm actually new to SELinux, I've done all the tutorials in the Fedora10 SELinux guide and also has an old book about SELinux which doesn't work well with the one in Fedora10.
 
I need a help in creating new policy and hope SELinux experts can in getting with SELinux, my current problems are:
1- I've created new SELinux user, example_u, using the command: semanage user -a -P user -R "user_r staff_r" example_u. it has been created, but when I mapped my user to it, and then log in from current user to example user and used the command id -Z , it shows example user is having the unconfine_u SELinux user, this is not the case when logging from remote ssh connection. The other concern is in /etc/selinux/targeted/context/users the new SELinux user example_u does not appear with these users with a file about it, but it is appeared when using semanage user -l .

2- I also need to create a totally new role, empty and then give this role may domains to enter, a main one for the user, and ones for the files.

3- Then I need to create new domain, actually I know about how to make the .fc and .te files (not fully about .te), but with the .if I know a bit, but can I get more information about making this and then deploying it.


Thank you very much.

_________________________________________________________________
Get the best of MSN on your mobile
http://clk.atdmt.com/UKM/go/147991039/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090604/ffc5c21a/attachment.htm>