On Sun, 2009-01-25 at 13:09 +0900, KaiGai Kohei wrote: > I found a strange behavior with selinux-policy-3.6.3-8.fc11.noarch. > > [root@masu ~]# sestatus > SELinux status: enabled > SELinuxfs mount: /selinux > Current mode: enforcing > Mode from config file: enforcing > Policy version: 24 > Policy from config file: targeted > [root@masu ~]# touch aaa > [root@masu ~]# ls -Z aaa > -rw-r--r-- root root unconfined_u:object_r:admin_home_t:s0 aaa > [root@masu ~]# id -Z > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c31 > [root@masu ~]# chcon -l s0:c0 aaa > chcon: failed to change context of `aaa' to `unconfined_u:object_r:admin_home_t:s0:c0': Operation not permitted > > Why "s0-s0:c0.c31" cannot change the context from "s0" to "s0:c0"? > > I could reproduce the matter after "semodule -B". > > Is there anyone who can reproduce the matter? What avc denial did you get? It is interesting that you got Operation not permitted (EPERM) rather than Permission denied (EACCES) - that usually reflects a capability denial. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
