[refpolicy] after update with selinux userspace, and refpolicy cant login as my username and specified context.

Christopher J. PeBenito cpebenito at tresys.com
Mon Oct 26 07:40:45 CDT 2009


On Sun, 2009-10-25 at 19:17 +0000, Justin P. Mattock wrote:
> Justin Mattock wrote:
> > just pulled userspace tools update, and
> > refpolicy. seems I'm might be missing something
> > new.
> >
> > id -Z shows
> > user_u:user_r:user_t
> >
> > is there a boolean that I'm missing?
> > (BTW I have namespace.so enabled)
> >
> >    
> So after getting some rest, and coming back to this
> problem opening up gitk the first commit showing itself
> seemed to be the problem somehow/someway:
> 
> Author: Chris PeBenito<cpebenito at tresys.com>   2009-10-23 08:20:07
> Committer: Chris PeBenito<cpebenito at tresys.com>   2009-10-23 08:20:07
> Parent: a1a45de06e41c529ad521058e438e20b5907cd45 (reorganize a92ee50)
> Branches: master, remotes/origin/master
> Follows: RELEASE_2_20090730
> Precedes:
> 
>      Install the seusers file for monolithic policy.
> 
> when this commit is in the policy I get after logging in:
> user_u:user_r:user_t
> reverting this patch gives me
> name:role_r:role_t
> 
> Wondering if Im doing something wrong with my build of
> policy/users
> 
> gen_user(name, system_u, sysadm_r staff_r user_r, s0, s0 - mls_systemhigh, mcs_allcats)

You need to add name:role to the seusers file, otherwise you get the
__default__ seuser (user_u).  If the seusers file is missing, it falls
back to trying linuxuser as the seuser, then falls back to user_u.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150



More information about the refpolicy mailing list