SELinux questions New SELinux user, New role, new domain

Daniel J Walsh dwalsh at redhat.com
Thu Jun 4 18:42:32 UTC 2009


On 06/04/2009 02:32 PM, Mohamed Aburowais wrote:
>
> Hello,
> I'm actually new to SELinux. I've done all the tutorials in the Fedora10 SELinux guide and also have an old book about SELinux which doesn't work well with the one in Fedora10.
>
> I need help in creating a new policy and hope SELinux experts can in getting with SELinux, my current problems are:
> 1- I've created a new SELinux user, example_u, using the command: semanage user -a -P user -R "user_r staff_r" example_u. It has been created, but when I mapped my user to it, and then logged in from the current user to the example user and used the command id -Z, it shows the example user is having the unconfine_u SELinux user; this is not the case when logging in from a remote ssh connection. The other concern is that in /etc/selinux/targeted/context/users the new SELinux user example_u does not appear with these users with a file about it, but it does appear when using semanage user -l.
>
You have to create the example_u to tell login programs to use it.

> 2- I also need to create a totally new role, empty, and then give this role many domains to enter, a main one for the user, and ones for the files.
>
> 3- Then I need to create new domain, actually I know about how to make the .fc and .te files (not fully about .te), but with the .if I know a bit, but can I get more information about making this and then deploying it.
>
I don't understand your question.  You only need an .if file if other
domains are going to interact with your new domain.  Most user domain
types do not need 'if' files.

>
> Thank you very much.
>
Did you create /etc/selinux/targeted/contexts/users/



