[ubuntu-hardened] selinux - mapping question
Michal Zimen
michal.zimen at gmail.com
Thu Mar 12 08:57:12 GMT 2009
Hi,
I think, when you logged in, automatically you were given the first as
a default role.
See at the file: /etc/selinux/default/users/system.users
also you can see into policy sources:
selinux-policy-src/policy/users file
I hope it help you.
:)
Michal
On Thu, 2009-03-12 at 10:17 +0200, yossi ozani wrote:
> Hi Michal...
>
> My question was about the roles and not about seuser.
> My seuser is staff_u and of course the mappings selinux users into
> selinux roles (1:n)
>
> My question was how it know to choose the staff_r role and not the
> sysadm_r ...?
>
> Yossi
>
>
> On Thu, Mar 12, 2009 at 10:03 AM, Michal Zimen
> <michal.zimen at gmail.com> wrote:
> Hi,
>
>
>
>
> On Thu, 2009-03-12 at 00:52 +0200, yossi ozani wrote:
> > Hi all...
> >
> > I started to learn selinux and I have a question about
> > mapping in selinux.
> > I logged in as staff_u. The command id -Z gives me the
> > following context: user_u:user_r:user_t
> > The command: semanage user -l |grep staff_u
> > print the output: staff_u sysadm_r staff_r
> >
> > My questions:
> > 1) How the login process know to choose the staff_r role and
> > not the sysadm_r role ?
> semenage login -l
> --mappings linux users into selinux user (1:1)
>
> > 2) If only one is the appropriate role why I can see a list
> > of roles to some seusers like staff_u and root ?
> semanage user -l
> --mappings selinux users into selinux roles (1:n)
>
> >
> > Many thanks for the help
> > Yossi
> >
> >
>
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>
>
>
More information about the ubuntu-hardened
mailing list