[ubuntu-hardened] selinux - mapping question
michal.zimen at gmail.com
Thu Mar 12 08:03:41 GMT 2009
On Thu, 2009-03-12 at 00:52 +0200, yossi ozani wrote:
> Hi all...
> I started to learn selinux and I have a question about mapping in
> I logged in as staff_u. The command id -Z gives me the following
> context: user_u:user_r:user_t
> The command: semanage user -l |grep staff_u
> print the output: staff_u sysadm_r staff_r
> My questions:
> 1) How the login process know to choose the staff_r role and not the
> sysadm_r role ?
semenage login -l
--mappings linux users into selinux user (1:1)
> 2) If only one is the appropriate role why I can see a list of roles
> to some seusers like staff_u and root ?
semanage user -l
--mappings selinux users into selinux roles (1:n)
> Many thanks for the help
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-hardened