I have successfully rebuilt the policy with UBAC turned on.
Now I'm writing a policy to define some new types for users' files, and I need to set up file contexts for every user in the platform.
I see that the file file_contexts.homedirs uses a template in order to determine what rules must be added each time a new user is created.
Is it possible to add new rules to this template from a custom policy module, or do I need to recompile the entire policy with my modifications?
Thanks.
On Wednesday 15 September 2010 11:57:31 Dominick Grift wrote:
On 09/15/2010 11:23 AM, Roberto Sassu wrote:
> On Wednesday 15 September 2010 10:50:44 Roberto Sassu wrote:
>> Hi all
>>
>> I want to use the UBAC feature in order to isolate users from each other.
>> I created two users user1_u and user2_u mapped respectively to user1 and user2, and
>> I assigned them the role user_r.
>> Then I created two directories 'a' and 'b' labeled respectively user1_u:object_r:user_home_t:s0
>> and user2_u:object_r:user_home_t:s0. What I'm expecting is that user1 can access 'a' and not 'b',
>> vice versa for user2, but user1 is allowed to access both directories.
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo(a)tycho.nsa.gov with
>> the words "unsubscribe selinux" without quotes as the message.
>>
>
> Oh, sorry. I have not seen the UBAC variable is overwritten in the Fedora rpm spec file.
Yes, Fedora disabled it. It can be enabled by modifying the spec file and
rebuilding the rpm.
I have it enabled and it works pretty well, with some exceptions.
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux