On 06/04/2009 02:32 PM, Mohamed Aburowais wrote:
> Hello,
> I'm actually new to SELinux. I've done all the tutorials in the Fedora10 SELinux
> guide and also have an old book about SELinux which doesn't work well with the one in
> Fedora10.
> I need help in creating a new policy and hope SELinux experts can help me in getting
> started with SELinux. My current problems are:
> 1- I've created a new SELinux user, example_u, using the command: semanage user -a -P
> user -R "user_r staff_r" example_u. It has been created, but when I mapped my
> user to it, and then logged in from the current user to the example user and used the
> command id -Z, it shows the example user as having the unconfined_u SELinux user; this
> is not the case when logging in from a remote ssh connection. The other concern is that in
> /etc/selinux/targeted/context/users the new SELinux user example_u does not appear with
> these users with a file about it, but it does appear when using semanage user -l.

You have to create the example_u to tell login programs to use it.

> 2- I also need to create a totally new role, empty, and then give this
> role many domains to enter, a main one for the user, and ones for the files.
> 3- Then I need to create a new domain. Actually I know how to make the .fc and .te
> files (not fully about .te), but with the .if I know a bit; can I get more information
> about making this and then deploying it?

I don't understand your question. You only need an .if file if other
domains are going to interact with your new domain. Most user domain
types do not need 'if' files.

> Thank you very much.

Did you create
/etc/selinux/targeted/contexts/users/