I'm trying to add a new role and test it by adding a user with access to that role. I can su to the new user, but then when I try to newrole I get "... is not a valid context". Here are my steps so far; I'm starting from the default strict policy:
#useradd engineer
Added the following to .../strict/src/policy/users:
    user engineer roles { user_r developer_r };
Added the following to .../strict/src/policy/domains/user.te:
    full_user_role(developer)
    allow system_r developer_r
    allow sysadm_r developer_r
    allow user_r developer_r
    allow staff_r developer_r
Added the following into in_user_role macro in .../strict/src/policy/macros/user_macros.te:
    role developer_r types $1;
Added the following to .../strict/src/policy/appconfig/default_type:
    developer_r:user_t
#make load
steve$ id -Z
user_u:user_r:user_t
steve$ su engineer
engineer$ id -Z
engineer:user_r:user_t
engineer$ newrole -r developer_r
engineer:developer_r:user_t is not a valid context
Any ideas what I've neglected in setting this up? Thanks!
On Tuesday 18 January 2005 03:27, Steve Brueckner steve@atc-nycorp.com wrote:
> engineer$ newrole -r developer_r
> engineer:developer_r:user_t is not a valid context
> Any ideas what I've neglected in setting this up? Thanks!
Add "developer_r:developer_t" to /etc/selinux/strict/contexts/default_type .
selinux@lists.fedoraproject.org
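
Added example, not part of the original thread: a small Python model of why the default_type entry decides whether the context requested by `newrole -r developer_r` is accepted. The role-to-type table is an assumption (that `full_user_role(developer)` authorizes `developer_r` for `developer_t`), the file contents are constructed samples, and the function names are hypothetical.

```python
# Model of the check behind "is not a valid context": a context
# user:role:type is valid only if the user is authorized for the role
# AND the role is authorized for the type.

def parse_default_type(text):
    """Parse default_type contents (one role:type entry per line)."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        role, sep, type_ = line.partition(":")
        if not sep or not type_:
            raise ValueError(f"malformed default_type line: {line!r}")
        # Keep the first entry seen for a role (assumption of this sketch).
        mapping.setdefault(role, type_)
    return mapping

def context_after_newrole(current, role, default_types):
    """Context requested by 'newrole -r ROLE': same user, new role, default type."""
    user = current.split(":")[0]
    return f"{user}:{role}:{default_types[role]}"

def is_valid(context, user_roles, role_types):
    """True if the user may enter the role and the role may enter the type."""
    user, role, type_ = context.split(":")[:3]
    return (role in user_roles.get(user, set())
            and type_ in role_types.get(role, set()))

# From the thread: user engineer roles { user_r developer_r };
USER_ROLES = {"engineer": {"user_r", "developer_r"}}
# Assumption: developer_r is authorized for developer_t, not for user_t.
ROLE_TYPES = {"user_r": {"user_t"}, "developer_r": {"developer_t"}}

# Constructed default_type contents: as first configured, and as suggested in the reply.
BEFORE = "user_r:user_t\ndeveloper_r:user_t\n"
AFTER = "user_r:user_t\ndeveloper_r:developer_t\n"

def check(default_type_text, current="engineer:user_r:user_t", role="developer_r"):
    """Return (requested context, whether the modeled policy accepts it)."""
    ctx = context_after_newrole(current, role, parse_default_type(default_type_text))
    return ctx, is_valid(ctx, USER_ROLES, ROLE_TYPES)

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, *check(text))
```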