change a user's MCS category
Tyler Durvik
phangbyte at gmail.com
Fri Oct 30 14:10:10 UTC 2009
I have 3 levels set up using MCS under the targeted policy:
s0 SystemLow
s0-s0:c0.c1023 SystemLow-SystemHigh
s0-s0:c0.c1023 SystemHigh
s0:c0 A
s0:c1 B
s0:c2 C
I have 3 users set up and I want to assign an MCS category to each of
them. So for instance:
bob -> A
joe -> B
sue -> C
how can I do this? I have tried the examples at James Morris's blog
http://james-morris.livejournal.com/8228.html
I get the following error:
[root at fedora11sel targeted]# chcat -l -- +c0 bob
libsemanage.validate_handler: MLS range s0-s0:c0 for Unix user bob
exceeds allowed range s0 for SELinux user user_u (No such file or
directory).
libsemanage.validate_handler: seuser mapping [bob -> (user_u,
s0-s0:c0)] is invalid (No such file or directory).
libsemanage.dbase_llist_iterate: could not iterate over records (No
such file or directory).
/usr/sbin/semanage: Could not commit semanage transaction
Thanks for any help you may have
More information about the fedora-selinux-list
mailing list