User policy problem with strict policy
James Morris
jmorris at redhat.com
Thu Oct 14 16:02:13 UTC 2004
On Thu, 14 Oct 2004, Stephen Smalley wrote:
> On Thu, 2004-10-14 at 11:13, James Morris wrote:
> > On Thu, 14 Oct 2004, Colin Walters wrote:
> >
> > > It's been that way as long as I can remember; you also need to do:
> > > full_user_role(jmorris)
> >
> > Thanks, that worked, but I can't recall doing it before.
>
> That only makes sense if you are going to do:
> user jmorris roles jmorris_r;
> role jmorris_r types jmorris_t;
>
> Otherwise, full_user_role(jmorris) is just going to define some types
> and rules that aren't ever going to be useable.
>
> But why do you want a per-user role/domain?
I don't know, I just wanted to restore what I thought was normal behavior.
So even in strict policy now, all normal users are user_u:user_r:user_t ?
- James
--
James Morris
<jmorris at redhat.com>
More information about the selinux
mailing list