[ubuntu-hardened] selinux - mapping question
yossiozani at gmail.com
Thu Mar 12 08:17:59 GMT 2009
My question was about the *roles* and not about seuser.
My seuser is *staff_u* and of course the mappings selinux users into selinux
My question was how it know to choose the *staff_r* role and not the
On Thu, Mar 12, 2009 at 10:03 AM, Michal Zimen <michal.zimen at gmail.com>wrote:
> On Thu, 2009-03-12 at 00:52 +0200, yossi ozani wrote:
> Hi all...
> I started to learn selinux and I have a question about mapping in selinux.
> I logged in as *staff_u. *The command id -Z gives me the following
> context: user_u:user_r:user_t
> The command: semanage user -l |grep staff_u
> print the output: *staff_u sysadm_r staff_r*
> *My questions:*
> 1) How the login process know to choose the *staff_r* role and not the*sysadm_r
> * role ?
> semenage login -l
> --mappings linux users into selinux user (1:1)
> 2) If only one is the appropriate role why I can see a list of roles to
> some seusers like *staff_u* and *root* ?
> semanage user -l
> --mappings selinux users into selinux roles (1:n)
> Many thanks for the help
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-hardened