[ubuntu-hardened] selinux - mapping question

Michal Zimen michal.zimen at gmail.com
Thu Mar 12 08:03:41 GMT 2009


On Thu, 2009-03-12 at 00:52 +0200, yossi ozani wrote:
> Hi all...
> I started to learn selinux and I have a question about mapping in
> selinux. 
> I logged in as staff_u. The command id -Z gives me the following
> context: user_u:user_r:user_t
> The command: semanage user -l |grep staff_u
> prints the output: staff_u         sysadm_r staff_r
> My questions:
> 1) How does the login process know to choose the staff_r role and not the
> sysadm_r role?

      semanage login -l
           -- maps Linux users to SELinux users (1:1)

> 2) If only one is the appropriate role, why can I see a list of roles
> for some seusers like staff_u and root?

    semanage user -l
         -- maps SELinux users to SELinux roles (1:n)

> Many thanks for the help
> Yossi
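
The two lookups named in the reply, chained together, as an added example that is not part of the original message: a Python sketch that parses constructed sample output of `semanage login -l` and `semanage user -l` (MLS/MCS column layout assumed) and resolves a Linux login to its SELinux user and that user's roles. The function names and sample rows are hypothetical; a login with no row of its own falls back to the `__default__` row.

```python
# Constructed sample output in the MLS/MCS column layout (not from the poster's system).
LOGIN_L = """\
Login Name           SELinux User         MLS/MCS Range

__default__          user_u               s0
root                 root                 s0-s0:c0.c1023
alice                staff_u              s0-s0:c0.c1023
"""

USER_L = """\
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r
staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r
user_u          user       s0         s0                             user_r
"""


def rows(text):
    """Return the whitespace-split data rows that follow the header's blank line."""
    body = text.strip().split("\n\n", 1)[1]
    return [line.split() for line in body.splitlines() if line.strip()]


def login_map(text):
    """Linux login -> SELinux user (%group rows are kept as plain keys, not expanded)."""
    return {r[0]: r[1] for r in rows(text)}


def role_map(text):
    """SELinux user -> roles; columns are user, prefix, level, range, then the roles."""
    return {r[0]: r[4:] for r in rows(text)}


def resolve(login, logins, roles):
    """Chain both mappings; a login without its own row uses the __default__ row."""
    seuser = logins.get(login, logins["__default__"])
    return seuser, roles[seuser]


if __name__ == "__main__":
    logins, roles = login_map(LOGIN_L), role_map(USER_L)
    for name in ("alice", "root", "yossi"):   # "yossi" has no row of its own here
        print(name, *resolve(name, logins, roles))
```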