Kategorie:SELinux

• Unnoffical SELinux FAQ
• HowTo Understand SELinux (Gentoo)
• Getting Started with SE Linux HOWTO: the new SE Linux
• SELinux from Scratch

Tipps

• Ports können in /etc/selinux/targeted/src/policy/net_contexts entsprechend gelabeld werden. [1]

Handbooks

• Converting normal Gentoo to SELinux installation
• Convert from Old SELinux to new SELinux on Gentoo

User with its own role

How can I create a User with its own role?

useradd $user
password -l $user (passwort locken)

in file policy/domains/user.te

full_user_role($user)
allow system_r $user_r;
allow sysadm_r $user_r;

This defines the role and allows system_r and sysadm_r access to this user. (recommended)

in file policy/macros/user_macros.te add the line role $user_r types $1; to the block:

define(`in_user_role', `
    role user_r types $1;
    role staff_r types $1;
    role $user_r types $1;
')

and in file policy/users add the automatically mapping:

user $user roles { $user_r };

reload the policy... -> done!