search for: staff_u

...#39;m wondering if this isn't more of a bug or a need to adjust the selinux policy packages to allow the functionality. The user story is this: Gnome3 user wants to burn a CD/DVD. The system is selinux enforcing, selinux boolean cdrecord_read_content is set to on, and the user is confined to staff_u. When the user runs Brasero to burn a disk, the burn operation fails. /var/log/audit/audit.log contains the following: type=AVC msg=audit(1556724762.446:1133340): avc: denied { read } for pid=8296 comm="growisofs" name="devices" dev="proc" ino=4026532225 scontext=...

At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust takes away the ability to manage the eTrust config from root and puts it in the hands of "security admin". So there's a good separation of duties; security admin control the security ruleset, but are limited by the OS permissions (so even if they granted themselves permission to modify /etc/shadow, the

...ibvirt.unix.manage;org.libvirt.unix.monitor ResultAny=yes ResultInactive=yes ResultActive=yes After doing the above i am able to connect to virt-manager as non-root user but unable to create storage pools. [juno at reserved ~]$ id uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt) context=staff_u:staff_r:staff_t:s0 [juno at reserved ~]$ virsh Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # pool-list error: Failed to reconnect to the hypervisor error: no valid connection error: Failed to connect s...

...MLS/ SELinux User Prefix MCS Level MCS Range SELinux Roles git_shell_u user s0 s0 git_shell_r guest_u user s0 s0 guest_r root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r sysadm_u user s0 s0-s0:c0.c1023 sysadm_r system_u user s0 s0-s0:c0.c1023 system_r unconfined_r unconfined_u user s0 s0-s0:c0.c1023 system...

...anage user -l* * Labeling MLS/ MLS/ * *SELinux User Prefix MCS Level MCS Range SELinux Roles* *guest_u user s0 s0 guest_r* *root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r* *staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r* *sysadm_u user s0 s0-s0:c0.c1023 sysadm_r* *system_u user s0 s0-s0:c0.c1023 system_r unconfined_r* *unconfined_u user s0 s0-s0:c0.c1023 system_r unconf...