From: russell@coker.com.au (Russell Coker)
Date: Fri, 18 Nov 2016 11:57:05 +1100
Subject: [refpolicy] system_u LOGIN
Message-ID: <1512107.VaBRCM8Axm@russell.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

In config/appconfig-mcs/seusers we have the following line:

system_u:system_u:s0-mcs_systemhigh

With recent versions of the userspace the Makefile that is included in the 
reference policy for building user modules gives the following error on load:

# make load
Compiling default local module
/usr/bin/checkmodule:  loading policy configuration from tmp/local.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 17) to tmp/
local.mod
Creating default local.pp policy package
Loading default modules: local
libsemanage.add_user: user system_u not in password file
rm tmp/local.mod.fc tmp/local.mod

Has the LOGIN of system_u ever done any good?  It seems to do nothing and as 
it is now giving errors I think we should remove it.

Also since 2012 in Debian we have had the following patch from 
debian at mikapflueger.de.  This might be a good thing to have upstream.

diff --git a/config/appconfig-mcs/seusers b/config/appconfig-mcs/seusers
index dc5f1e4..62aba7d 100644
--- a/config/appconfig-mcs/seusers
+++ b/config/appconfig-mcs/seusers
@@ -1,3 +1,3 @@
 system_u:system_u:s0-mcs_systemhigh
-root:root:s0-mcs_systemhigh
-__default__:user_u:s0
+root:unconfined_u:s0-mcs_systemhigh
+__default__:unconfined_u:s0-mcs_systemhigh

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/