Re: [Libguestfs] selinux question and answer
On Thu, Aug 13, 2009 at 10:41:57AM +0100, Daniel P. Berrange wrote:
Could you discover the neccessary/supported targets from the
semanage,
eg
# semanage user -l
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
root user s0 SystemLow-SystemHigh system_r sysadm_r
user_r
system_u user s0 SystemLow-SystemHigh system_r
user_u user s0 SystemLow-SystemHigh system_r sysadm_r
user_r
This is what semanage says when run inside libguestfs:
$ ./fish/guestfish -a /dev/mapper/vg_trick-F11x64 --ro \
selinux on : \
run : \
mount /dev/vg_f11x64/lv_root / : \
sh "/usr/sbin/load_policy" : \
sh "/usr/sbin/semanage user -l"
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
guest_u user s0 s0 guest_r
root user s0 s0-s0:c0.c1023 staff_r sysadm_r
system_r unconfined_r
staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r
system_r
sysadm_u user s0 s0-s0:c0.c1023 sysadm_r
system_u user s0 s0-s0:c0.c1023 system_r
unconfined_u user s0 s0-s0:c0.c1023 system_r
unconfined_r
user_u user s0 s0 user_r
xguest_u user s0 s0 xguest_r
I guess we should wait until Dan Walsh / Eric Paris are awake and can
comment on what we *should* be doing.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html