User role and transitioning
Dominick Grift
dominick.grift at gmail.com
Fri Feb 10 19:18:09 UTC 2012
On Fri, 2012-02-10 at 14:06 -0500, Konstantin Ryabitsev wrote:
> Hi, all:
>
> I'm trying to lock down the gitolite user by creating a user role that
> would be pretty much "guest_u" plus permission to transition to
> gitosis_t.
>
This might work:
mkdir ~/mygito; cd ~/mygito;
echo "policy_module(mygito, 1.0.0)" > mygito.te;
echo "role mygito_r;" >> mygito.te;
echo "userdom_restricted_user_template(mygito)" >> mygito.te;
echo "gitosis_run(mygito_t, mygito_r)" >> mygito.te;
echo "gen_user(mygito_u, user, mygito_r, s0, s0)" >> mygito.te;
make -f /usr/share/selinux/devel/Makefile mygito.pp
sudo semodule -i mygito.pp
useradd -Z mygito_u mygito
passwd mygito
> I've not yet written a user role policy, so I'm not sure where I should
> start.
>
> Best,
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
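
The module from the reply above, written with a single heredoc and followed by post-install checks. This is an added example, not part of the original thread. The helper names write_policy, has_gitosis_transition and verify_install are hypothetical, and verify_install assumes semodule, semanage and sesearch (policycoreutils and setools) are available on the target host.

```shell
#!/bin/sh
# Added example, not from the original thread. mygito.te holds the same five
# policy statements as the reply; the function names are hypothetical.

# Write the module source in one step (quoted heredoc: no shell expansion).
write_policy() {
    mkdir -p "$1" || return 1
    cat > "$1/mygito.te" <<'EOF'
policy_module(mygito, 1.0.0)
role mygito_r;
userdom_restricted_user_template(mygito)
gitosis_run(mygito_t, mygito_r)
gen_user(mygito_u, user, mygito_r, s0, s0)
EOF
}

# Read sesearch output on stdin; succeed only if mygito_t has a process
# type_transition into gitosis_t (spacing differs between setools versions).
has_gitosis_transition() {
    grep -Eq 'type_transition[[:space:]]+mygito_t[[:space:]]+[a-z_]+[[:space:]]*:[[:space:]]*process[[:space:]]+gitosis_t;'
}

# Run as root on the target host after "semodule -i mygito.pp" and useradd.
verify_install() {
    semodule -l | grep -Eq '^mygito([[:space:]]|$)' \
        || { echo "module mygito not loaded"; return 1; }
    semanage user -l | grep -q '^mygito_u' \
        || { echo "SELinux user mygito_u missing"; return 1; }
    semanage login -l | grep -q '^mygito[[:space:]]' \
        || { echo "login mapping for mygito missing"; return 1; }
    sesearch -T -s mygito_t -c process | has_gitosis_transition \
        || { echo "no type_transition from mygito_t to gitosis_t"; return 1; }
    echo "mygito is mapped to mygito_u and mygito_t may transition to gitosis_t"
}

# Usage on the target host:
#   write_policy ~/mygito && cd ~/mygito &&
#   make -f /usr/share/selinux/devel/Makefile mygito.pp &&
#   sudo semodule -i mygito.pp    # then useradd -Z mygito_u mygito; verify_install
```

After logging in as the new user, `id -Z` should report a context beginning with `mygito_u:mygito_r:mygito_t`.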