-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/15/2013 11:44 AM, Dominick Grift wrote: > On Fri, 2013-11-15 at 11:28 -0500, m.roth@xxxxxxxxx wrote: > >> And here's my complaint: why should it tell me that it's unlabeled_t, >> rather than telling me "system_r is an invalid role"? >> > > Good point, would be nicer if it would not allow one to change to invalid > identifiers in the first place. > > I cannot answer the question why one is allowed to chcon -r system_r <file> > in the first place. (might be some technical limitation) > > However the unlabeled isid and unlabeled_t sid are there for fail-over so > that security is not compromised if it does happen > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > Looks like a bug to me. Should have generated an MAC_ADMIN avc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKGkIIACgkQrlYvE4MpobM9/QCfdoqYcPLMHMRv7eg+P9fFTFqj QgIAoLcplQEzMB0It5f29cqGloxZUnHz =NuUO -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
