On Fri, 2013-11-15 at 11:28 -0500, m.roth@xxxxxxxxx wrote: > And here's my complaint: why should it tell me that it's unlabeled_t, > rather than telling me "system_r is an invalid role"? > Good point, would be nicer if it would not allow one to change to invalid identifiers in the first place. I cannot answer the question why one is allowed to chcon -r system_r <file> in the first place. (might be some technical limitation) However the unlabeled isid and unlabeled_t sid are there for fail-over so that security is not compromised if it does happen -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
