I'm trying to add a new role and test it by adding a user with access to
that role. I can su to the new user, but then when I try to newrole I get
"... is not a valid context". Here are my steps so far; I'm starting from
the default strict policy:

    # useradd engineer

Added the following to .../strict/src/policy/users:

    user engineer roles { user_r developer_r };

Added the following to .../strict/src/policy/domains/user.te:

    full_user_role(developer)
    allow system_r developer_r;
    allow sysadm_r developer_r;
    allow user_r developer_r;
    allow staff_r developer_r;

Added the following to the in_user_role macro in
.../strict/src/policy/macros/user_macros.te:

    role developer_r types $1;

Added the following to .../strict/src/policy/appconfig/default_type:

    developer_r:user_t

Then:

    # make load
    steve$ id -Z
    user_u:user_r:user_t
    steve$ su engineer
    engineer$ id -Z
    engineer:user_r:user_t
    engineer$ newrole -r developer_r
    engineer:developer_r:user_t is not a valid context

Any ideas what I've neglected in setting this up? Thanks!