selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: odd behavior of newrole setting level

Re: odd behavior of newrole setting level

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Wed Jan 27 2010 - 14:13:53 GMT
To: Andy Warner <warner@rubix.com>


On 01/26/2010 10:12 PM, Andy Warner wrote:
> Can someone explain why the first newrole (newrole -l s0) from the
> commands below fails while the second newrole (newrole -l SystemLow)
> succeeds. I am using Fedora 12 fully updated, the mls policy and the
> mcstrans label translation service. s0 is mapped to SystemLow.
>
> Thanks,
>
> Andy
>
> $ id -Z
> staff_u:staff_r:staff_t:SystemLow-SystemHigh
> $ newrole -l s0
> staff_u:staff_r:staff_t:s0-SystemHigh is not a valid context
> $ newrole -l SystemLow
> Password:
> $ id -Z
> staff_u:staff_r:staff_t:SystemLow-SystemHigh
> $ newrole -l s0-s0
> Password:
> $ id -Z
> staff_u:staff_r:staff_t:SystemLow
>
>
>
>
>

Looks like a bug in mcstrans.

Translated s0 into s0-SystemHigh I would guess. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.