What to do about "invalid context"
Göran Uddeborg
goeran at uddeborg.se
Tue Jun 17 18:36:48 UTC 2008
Stephen Smalley writes:
> role unconfined_r types updpwd_exec_t;
Aha, now I get it! It's the role-type combination that is not
allowed, and thus "invalid". Thanks!
A little detail, though. It's the type updpwd_t, not updpwd_exec_t
that should be allowed, isn't it? Unless I'm mistaken, it's the file
that has the *_exec_t type, but the resulting process domain is *_t.
I did create my module following your pattern, but using updpwd_t, and
the crontab command works again. So it seems it was the right thing
to do. Or have I done something I shouldn't do after all?
More information about the fedora-selinux-list
mailing list