[ubuntu-hardened] selinux - mapping question

yossi ozani yossiozani at gmail.com
Thu Mar 12 08:17:59 GMT 2009


Hi Michal...

My question was about the *roles* and not about seuser.
My seuser is *staff_u* and of course the mappings selinux users into selinux
roles (1:n)

My question was how it knows to choose the *staff_r* role and not the
sysadm_r ...?

Yossi

On Thu, Mar 12, 2009 at 10:03 AM, Michal Zimen <michal.zimen at gmail.com> wrote:

> Hi,
>
>
>
> On Thu, 2009-03-12 at 00:52 +0200, yossi ozani wrote:
>
> Hi all...
>
> I started to learn selinux and I have a question about mapping in selinux.
> I logged in as *staff_u*. The command id -Z gives me the following
> context: user_u:user_r:user_t
> The command: semanage user -l |grep staff_u
> prints the output: *staff_u         sysadm_r staff_r*
>
> *My questions:*
> 1) How does the login process know to choose the *staff_r* role and not the
> *sysadm_r* role?
>
>       semanage login -l
>            --mappings linux users into selinux user  (1:1)
>
> 2) If only one is the appropriate role, why can I see a list of roles for
> some seusers like *staff_u* and *root*?
>
>     semanage  user -l
>          --mappings selinux users into selinux roles (1:n)
>
>
> Many thanks for the help
> Yossi
>
>
>
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>
>