selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: odd behavior of newrole setting level

Re: odd behavior of newrole setting level

From: Joe Nall <joe_at_nospam>
Date: Wed Jan 27 2010 - 16:14:48 GMT
To: Daniel J Walsh <dwalsh@redhat.com>

On Jan 27, 2010, at 8:13 AM, Daniel J Walsh wrote: > On 01/26/2010 10:12 PM, Andy Warner wrote:
>> Can someone explain why the first newrole (newrole -l s0) from the
>> commands below fails while the second newrole (newrole -l SystemLow)
>> succeeds. I am using Fedora 12 fully updated, the mls policy and the
>> mcstrans label translation service. s0 is mapped to SystemLow.
>>
>> Thanks,
>>
>> Andy
>>
>> $ id -Z
>> staff_u:staff_r:staff_t:SystemLow-SystemHigh
>> $ newrole -l s0
>> staff_u:staff_r:staff_t:s0-SystemHigh is not a valid context
>> $ newrole -l SystemLow
>> Password:
>> $ id -Z
>> staff_u:staff_r:staff_t:SystemLow-SystemHigh
>> $ newrole -l s0-s0
>> Password:
>> $ id -Z
>> staff_u:staff_r:staff_t:SystemLow
>>
>>
>>
>>
>>

> Looks like a bug in mcstrans.

I'll take a look. I can duplicate the behavior.

joe -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.