I seem to be doing something wrong with the latest refpolicy
from git with configuring the user/login.
I have in policy/users:
gen_user(name,system_u, sysadm_r staff_r user_r, s0, s0 - mls_systemhigh, mcs_allcats)
then after reboot I:
/usr/sbin/semanage login -a -s name:name
Here's /usr/sbin/semanage user -l:

                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range        SELinux Roles

name            system_u   s0         s0-s0:c0.c255    staff_r user_r sysadm_r
root            sysadm     s0         s0-s0:c0.c255    staff_r sysadm_r
staff_u         staff      s0         s0-s0:c0.c255    staff_r sysadm_r
sysadm_u        sysadm     s0         s0-s0:c0.c255    sysadm_r
system_u        user       s0         s0-s0:c0.c255    system_r
unconfined_u    unconfined s0         s0-s0:c0.c255    unconfined_r
user_u          user       s0         s0               user_r
then /usr/sbin/semanage login -l

Login Name     SELinux User    MLS/MCS Range

__default__    user_u          s0
name           name            s0
root           root            s0-s0:c0.c255
system_u       system_u        s0-s0:c0.c255
For some reason my home directory is stuck with this context:
name:name user:object_r:user_home_t:s0 109 Feb 24 13:52 somefile
          ^
If I have the system in enforcing mode I cannot access any of the files
that have the start of the context "user:",
but if I chcon name:object_r:user_home_t:s0
               ^
I can access my info or change directories.
Am I missing something with my setup for user/login
with semanage that gets the contexts to have "user" at
the beginning?
--
Justin P. Mattock