Creating a custom user role

Jonathan Stott jonathan.stott at gmail.com
Mon Jun 30 10:26:43 UTC 2008


Hi

I'm on FC9, and I would like to create a user based on guest_u who is almost as unprivileged as that role, but is allowed to ssh out.

So I opened up the polgengui tool kit and selected 'minimal terminal user role'.

I then also allowed it access to the guest role as an additional role. (I'm not sure if this step is required)

I then allowed the role to connect to port 22.

And then made the policy files.

On running the script, I got the message '/usr/sbin/semanage: You must specify a prefix', which led me to look a little closer at the generated file. One thing I noticed was that amongst the roles to be assigned to the new role was 'system_r', which I believe is the system administration role, so removing that and adding a prefix of user, I could then run the script and install the role.

Adding it as the role for the user I want to allow ssh access out to, I then tried to log in, which got me the message:

Unable to get valid context for username

Setting the user to guest_u or user_u works fine, though. What did I do wrong?

Regards,
Jonathan.



