Whenever I use runcon in my script, I get the error “root:system_r:datalabeler_t:s0-s15:c0.c255
is not a valid context”, regardless of the user, role, type, and MLS level
that I specify with the runcon command. In fact, even when I specify the context
that I’m already running in with the runcon statement, I get the above
error.

So for instance, if I run the script WITHOUT the runcon command, it runs
fine with the following security context (verified with a ps -efZ command):

    root:system_r:datalabeler_t:s0-s15:c0.c255

But if I run the script with a runcon statement that specifies the exact same user,
role, type, and MLS level, I get the error shown above.

My script runs in a domain named datalabeler_t (I don’t
have the problem when running a similar script in the unconfined_t domain). It
kicks off a Java process with the following line:

    java mls.SimulatedImport.SimulatedDataLabeler $argv[*]

When I add the runcon statement, I get the above error:

    runcon -u root -r system_r -t datalabeler_t java mls.SimulatedImport.SimulatedDataLabeler $argv[*]

I am using an SELinux policy that I built as an MLS policy
off the targeted policy. Ultimately what I’d like to be able to do is to use
the runcon statement to specify an MLS level, but I need to get past this first.

Any help would be appreciated.

Thanks
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list