Dan,
I have created SeLinux users which can take on roles of system_r and
sysadm_r and tied them the Linux users created (though they are
nologin). This is needed so that these linux users can execute
applications in our product taking on system_r or sysadm_r roles.
Thanks,
Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Friday, October 15, 2010 12:53 PM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: Addition of selinux users causes "Multiple same
specifications" warnings during startup
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/15/2010 03:27 PM, Radha Venkatesh (radvenka) wrote:
Dan,
These users do not login to the system and their shells are already
set to /sbin/nologin.
Thanks,
Radha.
Then why are you assigning user context to the accounts. genhomedircon
must have a bug in that it is ignoring the shell if the user has an
assigned seusers label.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Friday, October 15, 2010 12:18 PM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list(a)redhat.com
Subject: Re: Addition of selinux users causes "Multiple same
specifications" warnings during startup
On 10/15/2010 03:11 PM, Radha Venkatesh (radvenka) wrote:
> Yes, for security reasons, /dev/null is being used as the homedir for
> users in our product.
> Thanks,
> Radha.
> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh@redhat.com]
> Sent: Friday, October 15, 2010 12:02 PM
> To: Radha Venkatesh (radvenka)
> Cc: fedora-selinux-list(a)redhat.com
> Subject: Re: Addition of selinux users causes "Multiple same
> specifications" warnings during startup
> On 10/15/2010 02:33 PM, Radha Venkatesh (radvenka) wrote:
>> I have created SeLinux users using "semanage user" and tied the
>> SeLinux users to Linux users using "semanage login". I find that on
>> startup, there are several warnings thrown for "Multiple same
> specifications".
>> Below is an example
>> /etc/selinux/strict/contexts/files/file_contexts: Multiple same
>> specifications for /dev/null/\.screenrc
>> I then checked and found that file_contexts has
>> file_contexts.homedirs:/dev/null/\.screenrc --
>> ccmusergrp_u:object_r:user_screen_ro_home_t:s0
>> file_contexts.homedirs:/dev/null/\.screenrc --
>> ccmusergrp_u:object_r:user_screen_ro_home_t:s0
>> file_contexts.homedirs:/dev/null/\.screenrc --
>> specialuser_u:object_r:user_screen_ro_home_t:s0
>> file_contexts.homedirs:/dev/null/\.screenrc --
>> ccmusergrp_u:object_r:user_screen_ro_home_t:s0
>> file_contexts.homedirs:/dev/null/\.screenrc --
>> ccmusergrp_u:object_r:user_screen_ro_home_t:s0
>> file_contexts.homedirs:/dev/null/\.screenrc --
>> specialuser_u:object_r:user_screen_ro_home_t:s0
>> Looks like there is an entry for every Linux user I tied to the
>> SeLinux user.
>> I am using
>> libselinux-1.33.4-5.5.el5
>> libsemanage-1.9.1-4.4.el5
>> policycoreutils-1.33.12-14.8.el5
>> libsepol-1.15.2-3.el5
>> and do not have an option to move to later releases.
>> Is there a way for me to get rid of these warnings or suppress them,
>> without changing the source code provided by RedHat?
>> Thanks,
>> Radha.
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
> This looks like /dev/null is defined as a homedir?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAky4sQ0ACgkQrlYvE4MpobOCIQCfT9wyJVOqwLL7Qpia8WEIuK+Y
Lc8AoJcAuBqaxzM0ENUhB9a6nlGHEpUf
=oFYy
-----END PGP SIGNATURE-----