On Fri, 2010-04-30 at 16:42 -0500, Xavier Toth wrote: > On Fri, Apr 30, 2010 at 3:38 PM, Xavier Toth <txtoth@xxxxxxxxx> wrote: > > I'm going to simplify this because a lot of the detail isn't import to > > the issue I'm working through. I'm taring some files, one of which > > happens to be labeled SystemHigh and the rest SystemLow. An init > > script, running SystemLow-SystemHigh, is later run on a different > > system which untars the file. tar generates a warning message about > > setfilecon failing for the file labeled SystemHigh and I see a > > SELINUX_ERR message in the audit log (security_validate_transition: > > denied for oldcontext=system_u:object_r:selinux_config_t:s0 > > newcontext=system_u:object_r:selinux_config_t:s15:c0-c1023 > > taskcontext=system_u:system_r:initrc_t=s0-s15:c0.c1023 tclass=file). I > > am using run_init to run test this init script. What I'm confused > > about is that there are no AVCs (I did an semnodule -DB just to see if > > there were any dontaudits) and why there even is a failure as initrc_t > > uses the mls_file_write_all_levels marco. Also does anyone know of a > > way to see the contexts stored in the tar file? > > > > Ted > > > > I see now, initrc_t policy doesn't use mls_file_upgrade but I still > don't like the no AVC bit. The AVC isn't involved in that check. security_validate_transition() and the mlsvalidatetrans constraints were introduced to enable a check to be applied based on all 3 security contexts (old file context, new file context, process context) simultaneously, which wasn't possible via the pairwise AVC checks. selinux_inode_setxattr() invokes security_validate_transition() after applying the AVC permission checks during file relabeling. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux