... is not a valid context

Todd Merritt tmerritt at email.arizona.edu
Wed Aug 10 16:26:05 UTC 2005


On Wed, 2005-08-10 at 12:05 -0400, Stephen Smalley wrote:
> On Wed, 2005-08-10 at 11:57 -0400, Stephen Smalley wrote:
> > Doesn't look like limited_user_role() adds a:
> > 	role $1_r types $1_t;
> > statement to authorize the role for the type.
> 
> Looks like the corresponding statement for full_user_role() is pushed
> all the way down to user_domain().  Likely should be brought up to
> limited_user_role() and thereby included in both limited_user_role() and
> full_user_role() at that level.
> 
It's getting in there from somewhere:

[root at tubb policy]# grep allow policy.conf |grep ua_pw_user_r
allow user_r ua_pw_user_r;
allow sysadm_r ua_pw_user_r;

But, after switching it to full_user role 

allow system_r ua_pw_user_r;

is added to the policy and everything works.

Thanks,
Todd
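
The thread turns on two different statements in the flattened policy.conf: role allow rules such as `allow user_r ua_pw_user_r;` and the role-type authorization `role $1_r types $1_t;`. The script below is an added example, not part of the original message or of the policy sources, that reports each kind separately for one role. The sample policy is constructed, and the type name `ua_pw_user_t` is assumed from the `$1_t` pattern quoted above.

```shell
#!/bin/sh
# Added example. Assumes simple "allow SRC_R TGT_R;" role rules (no brace sets).

# Print each type listed in "role ROLE types ...;" statements of FILE.
types_for_role() {   # usage: types_for_role FILE ROLE
    awk -v role="$2" '
        $1 == "role" && $2 == role && $3 == "types" {
            line = $0
            sub(/^[ \t]*role[ \t]+[^ \t]+[ \t]+types[ \t]+/, "", line)
            gsub(/[{};]/, " ", line)
            n = split(line, t, /[ \t]+/)
            for (i = 1; i <= n; i++) if (t[i] != "") print t[i]
        }' "$1" | sort -u
}

# Print the source roles of "allow SRC_R ROLE;" rules. TE allow rules always
# carry a "type:class" colon, role allow rules never do.
roles_allowed_to() { # usage: roles_allowed_to FILE ROLE
    awk -v role="$2" '
        $1 == "allow" && NF == 3 && index($0, ":") == 0 {
            tgt = $3; sub(/;$/, "", tgt)
            if (tgt == role) print $2
        }' "$1"
}

# Succeed only if ROLE is authorized for TYPE by a role-types statement.
role_authorized() {  # usage: role_authorized FILE ROLE TYPE
    types_for_role "$1" "$2" | grep -qxF -- "$3"
}

# Constructed sample policy.conf fragment (ua_pw_user_t is an assumed name).
policy=$(mktemp)
cat > "$policy" <<'EOF'
role user_r types user_t;
role sysadm_r types { sysadm_t sysadm_su_t };
allow user_r ua_pw_user_r;
allow sysadm_r ua_pw_user_r;
allow ua_pw_user_t etc_t:file { read getattr };
EOF

echo "roles allowed to change to ua_pw_user_r:"
roles_allowed_to "$policy" ua_pw_user_r
if role_authorized "$policy" ua_pw_user_r ua_pw_user_t; then
    echo "ua_pw_user_r is authorized for ua_pw_user_t"
else
    echo "missing: role ua_pw_user_r types ua_pw_user_t;"
fi
```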





