Fedora UBAC feature

Dominick Grift domg472 at gmail.com
Wed Sep 15 09:57:31 UTC 2010


On 09/15/2010 11:23 AM, Roberto Sassu wrote:
> On Wednesday 15 September 2010 10:50:44 Roberto Sassu wrote:
>> Hi all
>>
>> I want to use the UBAC feature in order to isolate users from each other.
>> I created two users, user1_u and user2_u, mapped respectively to user1 and user2, and
>> I assigned them the role user_r.
>> Then I created two directories, 'a' and 'b', labeled respectively user1_u:object_r:user_home_t:s0
>> and user2_u:object_r:user_home_t:s0. What I'm expecting is that user1 can access 'a' and not 'b',
>> and vice versa for user2, but user1 is allowed to access both directories.
> 
> Oh, sorry. I have not seen that the UBAC variable is overwritten in the Fedora rpm spec file.

Yes Fedora disabled it. It can be enabled by modifying the spec file and
rebuilding the rpm.

I have it enabled and it works pretty well, with some exceptions.
