From: cgzones@googlemail.com (cgzones) Date: Fri, 18 Nov 2016 14:28:14 +0100 Subject: [refpolicy] system_u LOGIN In-Reply-To: <1512107.VaBRCM8Axm@russell.coker.com.au> References: <1512107.VaBRCM8Axm@russell.coker.com.au> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The warning message 'libsemanage.add_user: user system_u not in password file' seems to be related to the recent changes to genhomedircon, see https://bugzilla.redhat.com/show_bug.cgi?id=1378204 It can be fixed as shown in the bugreport or like i did https://github.com/cgzones/debian-package-refpolicy/blob/debian/debian/patches/0043-fix-libsemanage.add_user-user-system_u-not-in-passwo.patch About the seusers change: I dislike that, cause i think the refpolicy should use confined users by default. 2016-11-18 1:57 GMT+01:00 Russell Coker via refpolicy : > In config/appconfig-mcs/seusers we have the following line: > > system_u:system_u:s0-mcs_systemhigh > > With recent versions of the userspace the Makefile that is included in the > reference policy for building user modules gives the following error on load: > > # make load > Compiling default local module > /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp > /usr/bin/checkmodule: policy configuration loaded > /usr/bin/checkmodule: writing binary representation (version 17) to tmp/ > local.mod > Creating default local.pp policy package > Loading default modules: local > libsemanage.add_user: user system_u not in password file > rm tmp/local.mod.fc tmp/local.mod > > Has the LOGIN of system_u ever done any good? It seems to do nothing and as > it is now giving errors I think we should remove it. > > Also since 2012 in Debian we have had the following patch from > debian at mikapflueger.de. This might be a good thing to have upstream. > > diff --git a/config/appconfig-mcs/seusers b/config/appconfig-mcs/seusers > index dc5f1e4..62aba7d 100644 > --- a/config/appconfig-mcs/seusers > +++ b/config/appconfig-mcs/seusers > @@ -1,3 +1,3 @@ > system_u:system_u:s0-mcs_systemhigh > -root:root:s0-mcs_systemhigh > -__default__:user_u:s0 > +root:unconfined_u:s0-mcs_systemhigh > +__default__:unconfined_u:s0-mcs_systemhigh > > -- > My Main Blog http://etbe.coker.com.au/ > My Documents Blog http://doc.coker.com.au/ > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy