On ven, 2014-01-24 at 06:30 -0800, Leibowitz, Michael wrote:
> On Fri, Jan 24, 2014 at 2:10 AM, José Bollo
> <[email protected]> wrote:
> >> Mine just sets the label of the process to the user's homedir's label.
> >>
> >> I'm still cleaning up the code and getting the corner cases out of it.
> >
> > How do you plan to modify /usr/sbin/useradd.local ?
>
> A good question. The IVI build has a few users defined out of the
> box. I had been testing with just those users. I would think that
> for non-system users, the label for now ought to be User. Does this
> seem reasonable?
I agree that it is reasonable.
My very first idea was to replace SELINUX stuff with something like:
if [ -x /usr/bin/chsmack ]; then
homedir=${4:-/home/$1}
if [ ${2:-$(id -u)} -le $(awk '$1=="SYS_UID_MAX"{print
$2}' /etc/login.defs) ]; then
chsmack -a System $homedir
else
chsmack -a User $homedir
fi
fi
But surely the multi user configuration is more complex. And setting
System is maybe wrong.
An other idea, that we are looking, is to put a loop to activate hooks.
Something like:
for hook in /etc/user.d/useradd/*; do
[ -x $hook ] && $hook $@
done
That would allow packages to add hooks when users are added.
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
