The current implementation of SELinux requires each user to be listed in the user policy file
and the default_context. This is great for single purpose server and workstation machines.
I am currently look at a project that will require hundreds of machines and thousands of users. The user name and password are propagated thru NIS. With

the current implement of SELinux this makes the management of the machines non-workable. Requires to much system administration. User are added and removed on a regular basis. We cannot rebuild a policy file for each machine for the
addition or removal of a user.

What would be the best way to modify the current implement to create a standard
user. I was thinking of setting up a standard user for the user policy file and
for the default context in the /etc/security (cron and default). I am looking at modifying
the libsecure to look at the user, if the user is not found in the default_context file
then assign him the standard user context.

Any suggestions would be great.

Mark Westerman

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.