Re: unconfineduser module?
----- Original Message -----
From: "Robin Lee Powell"
<rlpowell(a)digitalkingdom.org>
To: selinux(a)lists.fedoraproject.org
Sent: Friday, April 22, 2016 2:21:41 PM
Subject: unconfineduser module?
So my impression is that the "unconfined" module is the "man, users
do weird stuff" grabbag module, and that it is good and helpful to
run without it because *in theory*, nothing should actually need
the unconfined module to work.
I noticed on my system that there's also an unconfineduser module ,
but that I can't disable it:
# semodule -d unconfineduser
Failed to resolve 'unconfined_u' in selinuxuser statement at line 19116 of
/var/lib/selinux/targeted/tmp/modules/100/base/cil
semodule: Failed!
Basically you can't disable unconfineduser while still logged in as unconfined_t
# id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
And so I'm vaguely curious as to what that module is for and how
it
relates to the unconfined module; "man unconfined_selinux" does not
make it obvious.
http://danwalsh.livejournal.com/42394.html
--
selinux mailing list
selinux(a)lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
--
Simon Sekidde * Red Hat, Inc. * Westford, MA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E