Want to help the SE Linux work?
I haven't got time to package setools, Brian seems quite busy with
back-porting things to woody and hunting down bugs. Is anyone else
interested in getting into SE development?
---------- Forwarded Message ----------
Subject: Re: [patch] label /home directory, create suserdel
Date: Mon, 30 Sep 2002 11:09:19 -0400 (EDT)
From: Stephen Smalley <sds@tislabs.com>
To: Russell Coker <russell@coker.com.au>
Cc: Chris Vance <cvance@tislabs.com>, Frank Mayer <mayerf@tresys.com>, SELinux
<SELinux@tycho.nsa.gov>
On Mon, 30 Sep 2002, Russell Coker wrote:
> The new suseradd doesn't deal with multiple user roles. Ideally we would
> have a program that would add an entry to the users file, add a new
> user-role definition to user.te (with appropriate role transitions), and
> add a default type and a cron context as well.
Some of this functionality may be available in the Tresys' setools.
However, IMHO, suseradd shouldn't deal with creating new roles, just with
adding users and possibly assigning them existing roles. As a side note,
please be aware that the /etc/security/default_context and
/etc/security/cron_context files will be obsolete as of the next public
release and their replacement will no longer require per-user entries.
--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com
-------------------------------------------------------
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: