Problem creating user in loadable module
Andy Ruch
adruch2002 at yahoo.com
Wed Nov 14 23:02:36 UTC 2012
Dominick,
Thanks for the response.
> You do not need to create a selinux user for that I believe.
>
> This is a system user. It does not have a login shell
This service executes as its own Linux user, which doesn't have a login shell. This user is only used for this service. Because this dedicated Linux user is executing this service, I wanted to create an SELinux user to match.
> Regardless of the above, I will show you below how to create new confined users.
>
> I will touch on two login users: an unprivileged login user and a restricted login user.
As mentioned above, this is not a login user.
> semanage user -a -L s0 -r s0-s0 -R "myrestrictedloginuser_r" -P user myrestrictedloginuser_u
This semanage line is what I was trying to avoid. I would like to create the SELinux user in the module so I can use it in the .fc file.
I understand the module I included does nothing useful. It was merely a simplified example of the problem I am experiencing. To reiterate, when I comment out the 'allow' line, the module compiles. When I comment out the 'gen_user' line, the module compiles. With both lines active, the module fails to compile.
Thanks,
Andrew