From: russell@coker.com.au (Russell Coker) Date: Fri, 18 Nov 2016 11:57:05 +1100 Subject: [refpolicy] system_u LOGIN Message-ID: <1512107.VaBRCM8Axm@russell.coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com In config/appconfig-mcs/seusers we have the following line: system_u:system_u:s0-mcs_systemhigh With recent versions of the userspace the Makefile that is included in the reference policy for building user modules gives the following error on load: # make load Compiling default local module /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 17) to tmp/ local.mod Creating default local.pp policy package Loading default modules: local libsemanage.add_user: user system_u not in password file rm tmp/local.mod.fc tmp/local.mod Has the LOGIN of system_u ever done any good? It seems to do nothing and as it is now giving errors I think we should remove it. Also since 2012 in Debian we have had the following patch from debian at mikapflueger.de. This might be a good thing to have upstream. diff --git a/config/appconfig-mcs/seusers b/config/appconfig-mcs/seusers index dc5f1e4..62aba7d 100644 --- a/config/appconfig-mcs/seusers +++ b/config/appconfig-mcs/seusers @@ -1,3 +1,3 @@ system_u:system_u:s0-mcs_systemhigh -root:root:s0-mcs_systemhigh -__default__:user_u:s0 +root:unconfined_u:s0-mcs_systemhigh +__default__:unconfined_u:s0-mcs_systemhigh -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/