On 10/15/2010 04:58 PM, Radha Venkatesh (radvenka) wrote:
Dan,
I have created SELinux users which can take on roles of system_r and sysadm_r and tied them to the Linux users created (though they are nologin). This is needed so that these Linux users can execute applications in our product taking on system_r or sysadm_r roles.
Thanks, Radha.
Right but how do they get logged on to the machine?
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Friday, October 15, 2010 12:53 PM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list@redhat.com
Subject: Re: Addition of selinux users causes "Multiple same specifications" warnings during startup
On 10/15/2010 03:27 PM, Radha Venkatesh (radvenka) wrote:
Dan,
These users do not login to the system and their shells are already set to /sbin/nologin.
Thanks, Radha.
Then why are you assigning user context to the accounts? genhomedircon must have a bug in that it is ignoring the shell if the user has an assigned seusers label.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Friday, October 15, 2010 12:18 PM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list@redhat.com
Subject: Re: Addition of selinux users causes "Multiple same specifications" warnings during startup
On 10/15/2010 03:11 PM, Radha Venkatesh (radvenka) wrote:
Yes, for security reasons, /dev/null is being used as the homedir for users in our product.
Thanks, Radha.
-----Original Message-----
From: Daniel J Walsh [mailto:dwalsh@redhat.com]
Sent: Friday, October 15, 2010 12:02 PM
To: Radha Venkatesh (radvenka)
Cc: fedora-selinux-list@redhat.com
Subject: Re: Addition of selinux users causes "Multiple same specifications" warnings during startup
On 10/15/2010 02:33 PM, Radha Venkatesh (radvenka) wrote:
I have created SELinux users using "semanage user" and tied the SELinux users to Linux users using "semanage login". I find that on startup, there are several warnings thrown for "Multiple same specifications".
Below is an example
/etc/selinux/strict/contexts/files/file_contexts: Multiple same specifications for /dev/null/.screenrc
I then checked and found that file_contexts has
file_contexts.homedirs:/dev/null/.screenrc -- ccmusergrp_u:object_r:user_screen_ro_home_t:s0
file_contexts.homedirs:/dev/null/.screenrc -- ccmusergrp_u:object_r:user_screen_ro_home_t:s0
file_contexts.homedirs:/dev/null/.screenrc -- specialuser_u:object_r:user_screen_ro_home_t:s0
file_contexts.homedirs:/dev/null/.screenrc -- ccmusergrp_u:object_r:user_screen_ro_home_t:s0
file_contexts.homedirs:/dev/null/.screenrc -- ccmusergrp_u:object_r:user_screen_ro_home_t:s0
file_contexts.homedirs:/dev/null/.screenrc -- specialuser_u:object_r:user_screen_ro_home_t:s0
Looks like there is an entry for every Linux user I tied to the SELinux user.
I am using
libselinux-1.33.4-5.5.el5
libsemanage-1.9.1-4.4.el5
policycoreutils-1.33.12-14.8.el5
libsepol-1.15.2-3.el5
and do not have an option to move to later releases.
Is there a way for me to get rid of these warnings or suppress them, without changing the source code provided by RedHat?
Thanks, Radha.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
This looks like /dev/null is defined as a homedir?
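
An added example, not part of the original thread or of policycoreutils: a small Python check that reads text in file_contexts.homedirs format and reports path specifications that occur more than once, as in the /dev/null/.screenrc entries quoted above. The sample input is constructed (the grep filename prefix is dropped), and treating two entries as "the same" when their regex text and file-type field match exactly is an assumption of this example.

```python
from collections import defaultdict

# Constructed sample in file_contexts.homedirs format, modelled on the
# entries quoted in the thread: path regex, optional file type, context.
SAMPLE = """\
/dev/null/.screenrc -- ccmusergrp_u:object_r:user_screen_ro_home_t:s0
/dev/null/.screenrc -- ccmusergrp_u:object_r:user_screen_ro_home_t:s0
/dev/null/.screenrc -- specialuser_u:object_r:user_screen_ro_home_t:s0
/home/[^/]*/.screenrc -- user_u:object_r:user_screen_ro_home_t:s0
# comment lines and blank lines are skipped

/dev/null/.ssh(/.*)? ccmusergrp_u:object_r:user_home_ssh_t:s0
"""

def parse_specs(text):
    """Yield (lineno, path_regex, file_type, context) for each spec line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 3:      # regex, type flag such as "--", context
            path, ftype, context = fields
        elif len(fields) == 2:    # regex, context (no file-type restriction)
            path, ftype, context = fields[0], "", fields[1]
        else:
            raise ValueError(f"line {lineno}: unexpected field count: {raw!r}")
        yield lineno, path, ftype, context

def find_duplicates(text):
    """Return {(regex, file_type): info} for keys that appear more than once.

    info holds the line numbers, the set of contexts seen, and "conflict",
    which is True when the repeated entries disagree on the context.
    """
    groups = defaultdict(lambda: {"lines": [], "contexts": set()})
    for lineno, path, ftype, context in parse_specs(text):
        group = groups[(path, ftype)]
        group["lines"].append(lineno)
        group["contexts"].add(context)
    return {
        key: {**g, "conflict": len(g["contexts"]) > 1}
        for key, g in groups.items() if len(g["lines"]) > 1
    }

if __name__ == "__main__":
    for (path, ftype), info in sorted(find_duplicates(SAMPLE).items()):
        kind = "conflicting contexts" if info["conflict"] else "identical repeat"
        print(f"{path} {ftype or '(any)'}: lines {info['lines']} -> {kind}")
```

To check a real system, pass the contents of the policy's file_contexts.homedirs file to find_duplicates().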