selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: odd behavior of newrole setting level

odd behavior of newrole setting level

From: Andy Warner <warner_at_nospam>
Date: Wed Jan 27 2010 - 03:12:10 GMT
To: selinux@tycho.nsa.gov


Can someone explain why the first newrole (newrole -l s0) from the commands below fails while the second newrole (newrole -l SystemLow) succeeds. I am using Fedora 12 fully updated, the mls policy and the mcstrans label translation service. s0 is mapped to SystemLow.

Thanks,

Andy

$ id -Z

staff_u:staff_r:staff_t:SystemLow-SystemHigh
$ newrole -l s0

staff_u:staff_r:staff_t:s0-SystemHigh is not a valid context
$ newrole -l SystemLow

Password:
$ id -Z

staff_u:staff_r:staff_t:SystemLow-SystemHigh
$ newrole -l s0-s0

Password:
$ id -Z

staff_u:staff_r:staff_t:SystemLow -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.