Re: Creating a custom user role

Hi I'm on FC9, and I would like to create a user based on guest_u who is almost as unprivileged as that role, but is allowed to ssh out. So I opened up the polgengui tool kit and selected 'minimal terminal user role' I then also allowed it access to the guest role as an additional role. (I'm not sure if this step is required) I then allowed the role to connect to port 22 And then made the policy files. On running the script, I got the message '/usr/sbin/semanage: You must specify a prefix', which lead me to look a little closer at the generated file. One thing I noticed was that amongst the roles to be assigned to the new role was 'system_r', which I believe is the system administration role, so removing that and adding a prefix of user, I could then run the script and install the role. Adding it as the role for the user I want to allow ssh access out to, I then tried to login, which got me the message Unable to get valid context for username Setting the user to guest_u or user_u works fine, though. What did I do wrong? Regards, Jonathan. -- fedora-selinux-list mailing list fedora-selinux-list(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkhtHFQACgkQrlYvE4MpobMnxQCgyYH4nWMPBfsknMFyUBQeyDNh oY8AoMUVFqxEimuWGl0JV2ZCSx7ER+mO =UdIt -----END PGP SIGNATURE-----