[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] selinux question and answer



On Thu, Aug 13, 2009 at 10:41:57AM +0100, Daniel P. Berrange wrote:
> Could you discover the neccessary/supported targets from the semanage, 
> 
> eg
> 
> # semanage user -l 
> 
>                 Labeling   MLS/       MLS/                          
> SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles
> 
> root            user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r
> system_u        user       s0         SystemLow-SystemHigh           system_r
> user_u          user       s0         SystemLow-SystemHigh           system_r sysadm_r user_r

This is what semanage says when run inside libguestfs:

$ ./fish/guestfish -a /dev/mapper/vg_trick-F11x64 --ro \
  selinux on : \
  run : \
  mount /dev/vg_f11x64/lv_root / : \
  sh "/usr/sbin/load_policy" : \
  sh "/usr/sbin/semanage user -l" 


                Labeling   MLS/       MLS/                          
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

guest_u         user       s0         s0                             guest_r
root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r
sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
system_u        user       s0         s0-s0:c0.c1023                 system_r
unconfined_u    user       s0         s0-s0:c0.c1023                 system_r unconfined_r
user_u          user       s0         s0                             user_r
xguest_u        user       s0         s0                             xguest_r



I guess we should wait until Dan Walsh / Eric Paris are awake and can
comment on what we *should* be doing.

Rich.

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]