On Mon, 26 Sep 2005 12:31:51 +0200, Armando Aznar said:
I have enabled the targeted policy, so all the users run with the user "user_u" (then all the users have all the permissions in SELinux).
How could i create a user who run with the user "system_u" so this user dont have all the permissions?
This is probably doomed to failure, because the targeted policy cuts a *lot* of corners because it's not making any realistic attempt to protect legitimate system users/types from each other. You really need to start with the 'strict' policy - that has support for separating users.
(Basically, in the 'targeted' policy, so many things will treat 'user_u:object_r:unconfined_t' and 'system_u:object_r:unconfined_t' as being equivalent that you're not going to get anywhere useful....)