Hi there,

I have made a copy of the user.te to be_user.te and have changes all instances of "user" ti "be_user" and changed the "domain" to "be_domain" inside be_user.te.

I have also added the be_user_r definition to the rbac file.

The las t thing that I have done was to "sed "s/domain/~be_domain/g" every.te > newevery.te and then copy it over.

the problem that I am getting now is an assertion error:

assertion fail: allow be_user_su_t be_user_t:process { transition } was granted

could you please tell me what these assertion errors mean and, in general, how to fix them?

Cheers,
Lonnie

Quoting Stephen Smalley <sds@tislabs.com>:

>
> On Tue, 18 Dec 2001 lonnie@outstep.com wrote:
>
> > Now then, after making the new domain, should I presume that I can
> simply use
> > the standard "adduser" to put a user in that domain, and also use
> the
> > standard "chown" to change the ownership of files to belong to the new
> domain?
>
> No. adduser hasn't been modified to be aware of SELinux, and chown
> only
> deals with the Linux user and group attributes. You need to define an
> entry for the new user and his authorized roles in policy/users and an
> entry for the new role and its authorized domain(s) in policy/rbac.
> To
> set the security context on the user's home directory, you can use the
> new 'chcon' program.
>
> --
> Stephen D. Smalley, NAI Labs
> ssmalley@nai.com
>
>
>
>
> --
> You have received this message because you are subscribed to the selinux
> list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
>

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.