Hi, I am currently trying teach myself SELinux on a Fedora FC6 box (VMware), configured with the strict policy running in permissive mode. I followed the instructions provided on http://james-morris.livejournal.com/8228.html to play with MCS functions, but I get an error when I try to assign a category "Public" to an unprivileged user "foo" with the chcat command (as root, with sysadm role) ----------------------------------------------- # chcat -l -- +Public foo libsemanage.validate_handler: MLS range s0-s0:c0 for Unix user foo exceeds allow ed range s0 for SELinux user user_u libsemanage.validate_handler: seuser mapping [foo -> (user_u, s0-s0:c0)] is inva lid libsemanage.dbase_llist_iterate: could not iterate over records ----------------------------------------------- Other techniques to achieve the same result (e.g. trying to assign this category with semanage) leads the same error. ----------------------------------------------- # semanage login -l __default__ user_u s0 foo user_u s0 root root SystemLow-SystemHigh system_u system_u SystemLow-SystemHigh # semanage user -l root sysadm s0 SystemLow-SystemHigh system_r sy sadm_r staff_r staff_u staff s0 SystemLow-SystemHigh sysadm_r st aff_r sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r system_u user s0 SystemLow-SystemHigh system_r user_u user s0 s0 user_r ----------------------------------------------- My setrans.conf file contains : s0:c0=Public s0:c1=Confidential s0:c2=Secret s0:c3=TopSecret Any idea? Apart from that, setting a category on a non-existing file leads to a segmentation fault : # chcat -- +Public doesnotexist.txt Segmentation fault Thanks for your help, Ben -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
