On Wed, 2005-08-10 at 12:05 -0400, Stephen Smalley wrote:
> On Wed, 2005-08-10 at 11:57 -0400, Stephen Smalley wrote:
> > Doesn't look like limited_user_role() adds a:
> >     role $1_r types $1_t;
> > statement to authorize the role for the type.
>
> Looks like the corresponding statement for full_user_role() is pushed
> all the way down to user_domain(). Likely should be brought up to
> limited_user_role() and thereby included in both limited_user_role() and
> full_user_role() at that level.
>

It's getting in there from somewhere:

[root@tubb policy]# grep allow policy.conf |grep ua_pw_user_r
allow user_r ua_pw_user_r;
allow sysadm_r ua_pw_user_r;

But, after switching it to full_user role

allow system_r ua_pw_user_r;

is added to the policy and everything works.

Thanks,

Todd
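
An added example, not part of the original thread: a small checker that reads policy.conf text and reports, for one role, both the types it is authorized for (`role ... types ...;`) and the roles that have a role `allow` rule toward it. The sample policy text is constructed, and the type name `ua_pw_user_t` is an assumption inferred from the `$1_r` / `$1_t` pattern quoted above.

```python
import re

# Constructed policy.conf excerpt: the two role-allow lines are the grep output
# quoted in the thread; the other lines are made up for illustration.
BEFORE = """\
role user_r types user_t;
role sysadm_r types { sysadm_t sysadm_su_t };
allow user_r ua_pw_user_r;
allow sysadm_r ua_pw_user_r;
allow user_t ua_pw_user_t:process signal;
"""
# Assumed state after the role-types statement is present (type name
# ua_pw_user_t is an assumption) plus the system_r rule from the thread.
AFTER = BEFORE + (
    "role ua_pw_user_r types ua_pw_user_t;\n"
    "allow system_r ua_pw_user_r;\n"
)

TOKEN = r"(\{[^}]*\}|\w+)"  # a single name or a { brace set }
# "role R types T;" authorizes role R for type(s) T.
ROLE_TYPES = re.compile(r"^\s*role\s+(\w+)\s+types\s+" + TOKEN + r"\s*;", re.M)
# Role allow rule: two names then ';'. A TE allow rule has ":class perms"
# after the target, so it does not match this pattern.
ROLE_ALLOW = re.compile(r"^\s*allow\s+" + TOKEN + r"\s+" + TOKEN + r"\s*;", re.M)


def _names(token):
    """Split 'name' or '{ a b }' into a list of names."""
    return token.strip("{} ").split()


def role_report(policy_text, role):
    """Return the types a role is authorized for and the roles allowed to change to it."""
    types, entered_from = set(), set()
    for r, t in ROLE_TYPES.findall(policy_text):
        if r == role:
            types.update(_names(t))
    for src, dst in ROLE_ALLOW.findall(policy_text):
        if role in _names(dst):
            entered_from.update(_names(src))
    return {"types": sorted(types), "entered_from": sorted(entered_from)}


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, role_report(text, "ua_pw_user_r"))
```

An empty `types` list for a role means no `role ... types ...;` statement for it was found in the text, regardless of how many role `allow` rules mention it.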