I want to manually run an app within a certain context. When I try running it like so I get the following error:

# id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# runcon p16001_u:myapp_r:myapp_t:s0:c1 /myapp/startup.sh
runcon: invalid context: p16001_u:myapp_r:myapp_t:s0:c1: Invalid argument

unconfined should be allowed to transition to any context, right? No AVC is generated so I don't think that's the issue. The user p16001_u exists with category c1, with role myapp_r and myapp_t exists in the policy. I'm unclear as to why this is an invalid context.

# semanage user -l

                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

git_shell_u     user       s0         s0                             git_shell_r
myapp_u         user       s0         s0-s0:c0.c1023                 myapp_r
guest_u         user       s0         s0                             guest_r
p16000_u        user       s0         s0-s0:c0                       myapp_r
p16001_u        user       s0         s0-s0:c1                       myapp_r
p16002_u        user       s0         s0-s0:c2                       myapp_r
p16003_u        user       s0         s0-s0:c3                       myapp_r
p16004_u        user       s0         s0-s0:c4                       myapp_r
p16005_u        user       s0         s0-s0:c5                       myapp_r
p16006_u        user       s0         s0-s0:c6                       myapp_r
p16007_u        user       s0         s0-s0:c7                       myapp_r
p16008_u        user       s0         s0-s0:c8                       myapp_r
p16009_u        user       s0         s0-s0:c9                       myapp_r
p16010_u        user       s0         s0-s0:c10                      myapp_r
root            user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023                 staff_r sysadm_r system_r unconfined_r
sysadm_u        user       s0         s0-s0:c0.c1023                 sysadm_r
system_u        user       s0         s0-s0:c0.c1023                 system_r unconfined_r
unconfined_u    user       s0         s0-s0:c0.c1023                 system_r unconfined_r
user_u          user       s0         s0                             user_r
xguest_u        user       s0         s0                             xguest_r

Any tips greatly appreciated!

--
Tracy Reed
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux