Hi
I'm on FC9, and I would like to create a user based on guest_u who is almost as
unprivileged as that role, but is allowed to ssh out.
So I opened up the polgengui tool kit and selected 'minimal terminal user role'
I then also allowed it access to the guest role as an additional role. (I'm not sure
if this step is required)
I then allowed the role to connect to port 22
And then made the policy files.
On running the script, I got the message '/usr/sbin/semanage: You must
specify a prefix', which lead me to look a little closer at the generated file. One
thing I noticed was that amongst the roles to be assigned to the new role was
'system_r', which I believe is the system administration role, so removing that
and adding a prefix of user, I could then run the script and install the role.
Adding it as the role for the user I want to allow ssh access out to, I then tried to
login, which got me the message
Unable to get valid context for username
Setting the user to guest_u or user_u works fine, though. What did I do wrong?
Regards,
Jonathan.
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list Grab the
policycoreutils in Fedora Updates.
This item should be fixed there.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkhtHFQACgkQrlYvE4MpobMnxQCgyYH4nWMPBfsknMFyUBQeyDNh
oY8AoMUVFqxEimuWGl0JV2ZCSx7ER+mO
=UdIt
-----END PGP SIGNATURE-----