default user context on

Konstantin Ryabitsev icon at
Tue Mar 27 22:09:03 UTC 2012

On Tue, 2012-03-27 at 17:43 -0400, Konstantin Ryabitsev wrote:
> Let me verify this in my VM, though, before I'm forced to insert my foot
> into my mouth. :)

Yes, it works just as I thought. If you want to test it out:

policy_module(testguest, 1.0.0)
role testguest_r;
irc_role(testguest_r, testguest_t)
gen_user(testguest_u, user, testguest_r, s0, s0)

make -f /usr/share/selinux/devel/Makefile testguest.pp
semodule -i testguest.pp
cd /etc/selinux/targeted/contexts/users
cat guest_u | sed 's/guest_u/testguest_u/g' > testguest_u
useradd bob
passwd bob
usermod -Z testguest_u bob

As a result:

[bob@moppet ~]$ whoami
[bob@moppet ~]$ id -Z
[bob@moppet ~]$ telnet 6667
telnet: connect to address Permission denied

Konstantin Ryabitsev
Systems Administrator,
Montréal, Québec
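
A check for the copied default-context file from the steps above, added here as an example and not part of the original message: it flags any target context whose role the new SELinux user is not meant to use. The helper name check_user_contexts, the assumed file layout (a from-context followed by target contexts written as role:type:level) and both sample files are constructed for illustration.

```shell
#!/bin/sh
# check_user_contexts FILE ROLE...   (hypothetical helper, not an SELinux tool)
# Assumed layout, one entry per line:
#   <from-context>  <target-context> [<target-context> ...]
# with each context written as role:type[:level].
# Prints every target context whose role is not in the ROLE list.
# Returns 0 if all targets are acceptable, 1 otherwise.
check_user_contexts() {
    file=$1; shift
    allowed=" $* "
    bad=0
    while read -r from targets; do
        case $from in ''|'#'*) continue ;; esac    # skip blanks and comments
        for ctx in $targets; do
            role=${ctx%%:*}                        # text before the first ':'
            case $allowed in
                *" $role "*) ;;                    # role is authorized
                *) echo "$from -> $ctx (role $role not authorized)"; bad=1 ;;
            esac
        done
    done < "$file"
    return $bad
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
cat > "$tmp/good" <<'EOF'
system_r:local_login_t:s0  testguest_r:testguest_t:s0
system_r:sshd_t:s0         testguest_r:testguest_t:s0
testguest_r:testguest_t:s0 testguest_r:testguest_t:s0
EOF
cat > "$tmp/stale" <<'EOF'
system_r:local_login_t:s0  guest_r:guest_t:s0
system_r:sshd_t:s0         testguest_r:testguest_t:s0
system_r:crond_t:s0        guest_r:guest_t:s0
EOF

check_user_contexts "$tmp/good" testguest_r && echo "good: all targets use testguest_r"
check_user_contexts "$tmp/stale" testguest_r || echo "stale: entries above still name another role"
```

On a system where the module is loaded, the same function can be pointed at /etc/selinux/targeted/contexts/users/testguest_u with testguest_r as the allowed role.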

More information about the infrastructure mailing list