Displaying 5 results from an estimated 5 matches for "staff_u".
2019 May 01
1
Brasero/cdrecord/growisofs with selinux users confined to staff_u
...#39;m wondering if this isn't more of a bug or a need to adjust
the selinux policy packages to allow the functionality.
The user story is this: Gnome3 user wants to burn a CD/DVD. The
system is selinux enforcing, selinux boolean cdrecord_read_content is
set to on, and the user is confined to staff_u. When the user runs
Brasero to burn a disk, the burn operation fails.
/var/log/audit/audit.log contains the following:
type=AVC msg=audit(1556724762.446:1133340): avc: denied { read } for
pid=8296 comm="growisofs" name="devices" dev="proc" ino=4026532225
scontext=...
2015 Jan 23
2
How to prevent root from managing/disabling SELinux
At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust
takes away the ability to manage the eTrust config from root and puts it
in the hands of "security admin". So there's a good separation of duties;
security admin control the security ruleset, but are limited by the OS
permissions (so even if they granted themselves permission to modify
/etc/shadow, the
2012 Jun 22
1
unable to creating/list storage pools using non-root user
...ibvirt.unix.manage;org.libvirt.unix.monitor
ResultAny=yes
ResultInactive=yes
ResultActive=yes
After doing the above i am able to connect to virt-manager as non-root user
but unable to create storage pools.
[juno at reserved ~]$ id
uid=1001(juno) gid=1001(juno) groups=1001(juno),1002(virt)
context=staff_u:staff_r:staff_t:s0
[juno at reserved ~]$ virsh
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh # pool-list
error: Failed to reconnect to the hypervisor
error: no valid connection
error: Failed to connect s...
2013 Apr 08
1
libvirt, selinux, moving images to ~/images does not work
...MLS/
SELinux User Prefix MCS Level MCS Range
SELinux Roles
git_shell_u user s0 s0
git_shell_r
guest_u user s0 s0 guest_r
root user s0 s0-s0:c0.c1023
staff_r sysadm_r system_r unconfined_r
staff_u user s0 s0-s0:c0.c1023
staff_r sysadm_r system_r unconfined_r
sysadm_u user s0 s0-s0:c0.c1023 sysadm_r
system_u user s0 s0-s0:c0.c1023
system_r unconfined_r
unconfined_u user s0 s0-s0:c0.c1023
system...
2017 Dec 04
0
Fwd: Qwery regarding Selinux Change Id context
...anage user -l*
* Labeling MLS/ MLS/ *
*SELinux User Prefix MCS Level MCS Range
SELinux Roles*
*guest_u user s0 s0
guest_r*
*root user s0 s0-s0:c0.c1023
staff_r sysadm_r system_r unconfined_r*
*staff_u user s0 s0-s0:c0.c1023
staff_r sysadm_r system_r unconfined_r*
*sysadm_u user s0 s0-s0:c0.c1023
sysadm_r*
*system_u user s0 s0-s0:c0.c1023
system_r unconfined_r*
*unconfined_u user s0 s0-s0:c0.c1023
system_r unconf...