Re: What to do about "invalid context"

Stephen Smalley writes:
> role unconfined_r types updpwd_exec_t;

Aha, now I get it! It's the role-type combination that is not allowed, and thus "invalid". Thanks!

A little detail, though. It's the type updpwd_t, not updpwd_exec_t that should be allowed, isn't it? Unless I'm mistaken, it's the file that has the *_exec_t type, but the resulting process domain is *_t.

I did create my module following your pattern, but using updpwd_t, and the crontab command works again. So it seems it was the right thing to do. Or have I done something I shouldn't do after all? -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

• This message: [ Message body ]
• Next message: Stephen Smalley: "Re: What to do about "invalid context""
• Previous message: Daniel B. Thurman: "Re: What is the proper context for .strigi?"
• In reply to: Stephen Smalley: "Re: What to do about "invalid context""
• Next in thread: Stephen Smalley: "Re: What to do about "invalid context""
• Reply: Stephen Smalley: "Re: What to do about "invalid context""

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]