[redhat-lspp] RBAC Roles

Stephen Smalley sds at tycho.nsa.gov
Tue Sep 20 12:35:47 UTC 2005


On Tue, 2005-09-20 at 08:29 -0400, Karl MacMillan wrote:
> [kmacmillan at localhost ~]$ seinfo --users=root -x
>    root
>       system_r
>       user_r
>       sysadm_r
> 
> You must provide a username that policy understands, as Steve mentions. It
> wouldn't be hard to make it understand Linux usernames as well. Note that
> you must be able to read the policy in order to run this utility (I'm
> running this under targeted above).

Hmm...looks like setools 2.1.2 isn't in rawhide yet, and you need it to
deal with policy version 20.  I get no output from the above command on
a rawhide box, but rpm -q setools says 2.1.1-4.  If I run seinfo on a
policy.19 file, it works correctly.

BTW, I think we'll want the utility for this purpose to read the
separate users configuration files (or more accurately, to use
libsemanage to query) maintained under /etc/selinux/$SELINUXTYPE/users
rather than directly reading the binary policy file, so that we don't
have to allow full read access to the entire policy for this purpose.

-- 
Stephen Smalley
National Security Agency
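
Added example (not part of the original message, and not setools or libsemanage code): a minimal Python reader that answers the same question as `seinfo --users=root -x` from users-file text alone, so the caller needs read access only to that file and not to the binary policy. It assumes the files hold policy-language `user NAME roles { ... };` statements; `parse_users`, `roles_for` and the sample data are hypothetical names and constructed input.

```python
import re

# Constructed sample of a users file. Assumed format: policy-language
# "user" statements, "#" comments, and an optional MLS level/range.
SAMPLE_USERS = """\
# constructed sample, not taken from a real system
# user mallory roles { sysadm_r };
user system_u roles { system_r };
user user_u roles user_r;
user root roles { system_r user_r sysadm_r }
    level s0 range s0 - s0:c0.c255;
"""

# One statement: "user NAME roles { r1 r2 };" or "user NAME roles r1;",
# optionally followed by level/range text before the terminating ";".
_USER_STMT = re.compile(
    r"\buser\s+(?P<name>[\w.-]+)\s+roles\s+"
    r"(?:\{(?P<set>[^}]*)\}|(?P<one>[\w.-]+))"
    r"[^;]*;"
)


def parse_users(text):
    """Return {selinux_user: [roles]} from users-file text."""
    # Strip comments first so a commented-out statement is never matched.
    text = re.sub(r"#[^\n]*", "", text)
    users = {}
    for m in _USER_STMT.finditer(text):
        if m.group("set") is not None:
            roles = m.group("set").split()
        else:
            roles = [m.group("one")]
        # Design choice of this sketch: repeated statements for the same
        # user are merged, keeping first-seen order and dropping duplicates.
        seen = users.setdefault(m.group("name"), [])
        seen.extend(r for r in roles if r not in seen)
    return users


def roles_for(text, user):
    """Roles authorized for one SELinux user; empty list if unknown."""
    return parse_users(text).get(user, [])


if __name__ == "__main__":
    for role in roles_for(SAMPLE_USERS, "root"):
        print(role)
```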



