On Thu, 2006-10-05 at 12:32 -0400, Suchoski, Andrew wrote:
> Found my problem. I was concentrating on the domain - type access controls for relabelfrom/ relabelto and I forgot about the basic TE constrain that states
>
> constrain dir_file_class_set { create relabelto relabelfrom }
> ( u1 == u2 or t1 == can_change_object_identity );
>
> audit2allow doesn't help very much with that.
True. audit2why can at least diagnose whether it is constraint-related
or TE-related.
--
Stephen Smalley
National Security Agency
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
