default user context on fedorapeople.org

Konstantin Ryabitsev icon at fedoraproject.org
Tue Mar 27 22:09:03 UTC 2012


On Tue, 2012-03-27 at 17:43 -0400, Konstantin Ryabitsev wrote:
> Let me verify this in my VM, though, before I'm forced to insert my foot
> into my mouth. :)

Yes, it works just as I thought. If you want to test it out:

testguest.te:
--------------------------------
policy_module(testguest, 1.0.0)
role testguest_r;
irc_role(testguest_r, testguest_t)
userdom_restricted_user_template(testguest)
gen_user(testguest_u, user, testguest_r, s0, s0)
--------------------------------

make -f /usr/share/selinux/devel/Makefile testguest.pp
semodule -i testguest.pp
cd /etc/selinux/targeted/contexts/users
cat guest_u | sed 's/guest_u/testguest_u/g' > testguest_u
useradd bob
passwd bob
usermod -Z testguest_u bob

As a result:

[bob@moppet ~]$ whoami
bob
[bob@moppet ~]$ id -Z
testguest_u:testguest_r:testguest_t:s0
[bob@moppet ~]$ telnet irc.freenode.org 6667
Trying 94.125.182.252...
telnet: connect to address 94.125.182.252: Permission denied

Best,
-- 
Konstantin Ryabitsev
Systems Administrator, Kernel.org
Montréal, Québec