Root can't read the object because it does not dominate the object.

Object's current level: s0:c0.c512
Subject's current level: s4:c0.c256

There are extra categories (c257.c512) in the subject that are not in the subject. The subject must have every category of the object, not just some.

Gary

-----Original Message-----
From: owner-selinux@xxxxxxxxxxxxx [mailto:owner-selinux@xxxxxxxxxxxxx] On Behalf Of Sebastian Pfaff
Sent: Sunday, April 19, 2009 6:45 AM
To: selinux@xxxxxxxxxxxxx
Subject: can't access problem a file with a given range (mls policy)

hello list,

security context of rangeRange:

[root@localhost ~]# ls -Z rangeRange
-rw-r--r--. root root root:object_r:admin_home_t:s0:c0.c512- s5:c0.c1023 rangeRange

here the problem:

bonbon:Downloads seba$ ssh root/sysadm_r/s4:c0.c256@xxxxxxxxxxxx
root/sysadm_r/s4:c0.c256@xxxxxxxxxxxx's password:
Last login: Sun Apr 19 04:34:15 2009 from 192.168.2.3
[root@localhost ~]# id -Z
root:sysadm_r:sysadm_t:s4:c0.c256
[root@localhost ~]# ls -Z rangeRange
ls: cannot access rangeRange: Permission denied

Why can't I access rangeRange? IMHO I'm within the range (s0:c0.c512- s5:c0.c1023), but I'm not totally sure. Please correct me if I'm wrong and give me a short pointer.

tnx in advance
--
Sebastian Pfaff

PS: If you need additional information, please let me know.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
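
The dominance test discussed in this thread, as an added example that is not part of the original messages: a simplified Python model that compares the subject's current level with the low level of the object's range, using the labels from the thread. It assumes sensitivities are ordered by their number and does not consult the kernel or the loaded policy; all function names are hypothetical.

```python
# Added illustration: simplified model of SELinux MLS level dominance.
# Assumption: sensitivities are ordered by number (s0 < s1 < ...).

def parse_level(level):
    """Parse a level such as 's4:c0.c256' into (sensitivity, category set)."""
    sens, _, cats = level.strip().partition(":")
    if not (sens.startswith("s") and sens[1:].isdigit()):
        raise ValueError(f"bad sensitivity in {level!r}")
    categories = set()
    for item in filter(None, cats.split(",")):
        # 'c0.c512' is an inclusive range, 'c7' a single category.
        lo, _, hi = item.partition(".")
        hi = hi or lo
        for part in (lo, hi):
            if not (part.startswith("c") and part[1:].isdigit()):
                raise ValueError(f"bad category {item!r} in {level!r}")
        first, last = int(lo[1:]), int(hi[1:])
        if first > last:
            raise ValueError(f"reversed category range {item!r}")
        categories.update(range(first, last + 1))
    return int(sens[1:]), categories

def low_level(context_range):
    """Return the low (current) level of a 'low-high' range."""
    return context_range.split("-")[0].strip()

def dominates(a, b):
    """True if level a dominates level b: sensitivity at least as high
    and every category of b also present in a."""
    sens_a, cats_a = parse_level(a)
    sens_b, cats_b = parse_level(b)
    return sens_a >= sens_b and cats_a >= cats_b

def missing_categories(subject, obj):
    """Categories the object level carries that the subject level lacks."""
    _, cats_s = parse_level(subject)
    _, cats_o = parse_level(obj)
    return sorted(cats_o - cats_s)

# Labels taken from the thread.
SUBJECT = "s4:c0.c256"
OBJECT_RANGE = "s0:c0.c512- s5:c0.c1023"

if __name__ == "__main__":
    obj = low_level(OBJECT_RANGE)
    gap = missing_categories(SUBJECT, obj)
    print("subject dominates object:", dominates(SUBJECT, obj))
    print(f"missing: c{gap[0]}.c{gap[-1]} ({len(gap)} categories)")
```

A higher sensitivity does not compensate for a missing category: the check fails for s4:c0.c256 even though s4 is above s0, and passes for a constructed level such as s4:c0.c512.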