[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: What to do about "invalid context"

From: "Göran Uddeborg" <goeran uddeborg se>
To: Stephen Smalley <sds tycho nsa gov>
Cc: fedora-selinux-list redhat com
Subject: Re: What to do about "invalid context"
Date: Tue, 17 Jun 2008 20:36:48 +0200

Stephen Smalley writes:
> role unconfined_r types updpwd_exec_t;

Aha, now I get it!  It's the role-type combination that is not
allowed, and thus "invalid".  Thanks!

A little detail, though.  It's the type updpwd_t, not updpwd_exec_t
that should be allowed, isn't it?  Unless I'm mistaken, it's the file
that has the *_exec_t type, but the resulting process domain is *_t.

I did create my module following your pattern, but using updpwd_t, and
the crontab command works again.  So it seems it was the right thing
to do.  Or have I done something I shouldn't do after all?

Follow-Ups:
- Re: What to do about "invalid context"
  - From: Stephen Smalley

References:
- What to do about "invalid context"
  - From: Göran Uddeborg
- Re: What to do about "invalid context"
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]