On 09/07/2016 02:45 PM, Stephen Smalley wrote:
> On 09/07/2016 03:15 AM, Dominick Grift wrote:
>> On 09/07/2016 06:42 AM, Gary Tierney wrote:
>>> On Tue, Sep 06, 2016 at 03:13:17PM -0400, Stephen Smalley wrote:
>>>> On 09/06/2016 09:48 AM, Gary Tierney wrote:
>>>>> @@ -1074,9 +1130,6 @@ static genhomedircon_user_entry_t 
>>>>> *get_users(genhomedircon_settings_t * s, if (strcmp(name,
>>>>> DEFAULT_LOGIN) == 0) continue;
>>>>>
>>>>> -        if (strcmp(name, TEMPLATE_SEUSER) == 0) -
>>>>> continue; -
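Review bot: dropping the TEMPLATE_SEUSER skip that sat right after the DEFAULT_LOGIN skip in get_users() leaves nothing in the lines shown to stop that entry from being handled like an ordinary login further down the loop. If the entry is now meant to be processed, say so in a comment next to the remaining DEFAULT_LOGIN check and make sure the later code tolerates a name with no account behind it; otherwise keep the `continue`.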
>>>>
>>>> This yields a warning/error on Fedora:
>>>> $ sudo semodule -B
>>>> libsemanage.add_user: user system_u not in password file
>>>>
>>>
>>> I can re-add this conditional to prevent outputting the warning,
>>> though is there a reason for a login named "system_u"?
>>>
>>
>> Is that warning really useful in the first place though? My
>> requirement to create a gdm selinux id also causes these messages
>> for user gdm whenever semodule -B is run on systems that do not
>> have the gdm user.
> 
> Why do you need a gdm selinux id?
> 

PAM related

Because systemd spawns a --user instance for gdm and that in turn runs a
gdm --session bus.

In order to run the gdm --session bus in gdm.subj this was needed.

Basically gdm is sort of treated as a real user in some ways, e.g. it
has a /run/user/42 and it has a systemd --user instance.


>> Can we not just print that message only when semodule is run with
>> -v instead?
> 
> Presently -v only affects output from semodule itself; it isn't
> propagated to libsemanage in any way.  And libsemanage logging only
> defines three levels presently: error, warning, info.  So we don't
> presently have the support for making a libsemanage log message
> verbose-only, even if we wanted to do so.
> 


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
