Hi,
I'd like to create an user with a type of e.g. backup. So when the user logs in and types "id -Z" backup:user_r:backup_t:SystemLow-SystemHigh should be the right context.
In the past I did this like that: full_user_role(backup) allow system_r backup_r allow sysadm_r backup_r
undefine(`in_user_role') define(`in_user_role', ` role user_r types $1; role second_r types $1; ')
But now I'm using FC5 and things have changed. I searched a while and found the macro "unpriv_user_template". So I created a policy module:
policy_module(backup,1.0.0) unpriv_user_template(backup)
and tried to compile it. But I get an error message:
Compiling mls backup module /usr/bin/checkmodule: loading policy configuration from tmp/backup.tmp backup.te:4:ERROR 'attribute userdomain is not declared' at token ';' on line 57013: #line 4 type backup_t, userdomain; /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/backup.mod] Error 1
Isn't this the right way? Did I something wrong? Or how do you create a new user domain?
Best regards, Stefan
PS: I'm using FC5 with the latest updates and the mls policy.
Stefan wrote:
Hi,
I'd like to create an user with a type of e.g. backup. So when the user logs in and types "id -Z" backup:user_r:backup_t:SystemLow-SystemHigh should be the right context.
In the past I did this like that: full_user_role(backup) allow system_r backup_r allow sysadm_r backup_r
undefine(`in_user_role') define(`in_user_role', ` role user_r types $1; role second_r types $1; ')
But now I'm using FC5 and things have changed. I searched a while and found the macro "unpriv_user_template". So I created a policy module:
policy_module(backup,1.0.0) unpriv_user_template(backup)
and tried to compile it. But I get an error message:
Compiling mls backup module /usr/bin/checkmodule: loading policy configuration from tmp/backup.tmp backup.te:4:ERROR 'attribute userdomain is not declared' at token ';' on line 57013: #line 4 type backup_t, userdomain; /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/backup.mod] Error 1
This is a bug in the policy package. the template definition should have a gen_require(` attribute userdomain; ')
Isn't this the right way? Did I something wrong? Or how do you create a new user domain?
Best regards, Stefan
PS: I'm using FC5 with the latest updates and the mls policy.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This is a bug in the policy package. the template definition should have a gen_require(` attribute userdomain; ')
There seems to be more to be done. After adding this require statements: gen_require(` attribute userdomain; attribute home_type; attribute home_dir_type; attribute untrusted_content_type; attribute untrusted_content_tmp_type; ')
I get the following error message: Compiling mls backup module /usr/bin/checkmodule: loading policy configuration from tmp/backup.tmp backup.te:4:ERROR 'syntax error' at token '}' on line 67925: #line 4 } /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/backup.mod] Error 1
Best regards, Stefan
selinux@lists.fedoraproject.org