On 09/07/2016 08:47 AM, Dominick Grift wrote: > On 09/07/2016 02:36 PM, Stephen Smalley wrote: >> On 09/07/2016 12:42 AM, Gary Tierney wrote: >>> On Tue, Sep 06, 2016 at 03:13:17PM -0400, Stephen Smalley >>> wrote: >>>> On 09/06/2016 09:48 AM, Gary Tierney wrote: >>>>> static int seuser_sort_func(const void *arg1, const void >>>>> *arg2) @@ -1074,9 +1130,6 @@ static >>>>> genhomedircon_user_entry_t >>>>> *get_users(genhomedircon_settings_t * s, if (strcmp(name, >>>>> DEFAULT_LOGIN) == 0) continue; >>>>> >>>>> - if (strcmp(name, TEMPLATE_SEUSER) == 0) - >>>>> continue; - >>>> >>>> This yields a warning/error on Fedora: $ sudo semodule -B >>>> libsemanage.add_user: user system_u not in password file >>>> >>> >>> I can re-add this conditional to prevent outputting the >>> warning, though is there a reason for a login named "system_u" >>> ? >> >> crond used to require one in order to look up the context for >> system cron jobs; I'm not sure if that is still required, but it >> is still present in Fedora. > > https://git.fedorahosted.org/cgit/cronie.git/commit/?id=e5280235809844f54d5956ec281472b63dcfc3f4
Ok, > so maybe someone should file a bug on policy to remove system_u from seusers? After first testing that it doesn't break anything. _______________________________________________ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
