On Wed, 2009-05-27 at 12:44 -0700, West, Gary-P55389 wrote: > System is mls > System is currently in permissive mode > Policy is modular but all modules are in the base policy > > Files changed with custom role: > > src/config/appconfig-mls/default_type -------------------- > app_pso_r:app_pso_t > > src/config/appconfig-mls/default_contexts ---------------- > system_r:xdm_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 > sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0 app_pso_r:app_pso_t:s0 Doesn't this cause you to still default to user_r (if the user is authorized for both user_r and app_pso_r), since user_r is listed first? -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
