Some time ago I posted about a problem I had when building a monolithic policy. Login programs were unable to determine the default context of users when logging in, although I was pretty sure I did everything right. I never resolved that but didn't bother either since I started writing a new modular policy from scratch.

Everything worked flawlessly, including logins, until suddenly now logins started to fail again with the login programs unable to determine the context of the user. Oh, what fresh hell is this?!

So I started rolling back changes, and it turns out if there are too many types associated with one role and that role and one of its types are set as default context for a user, /bin/login gives 'Unable to get valid context'.

BTW, the exact number seems to be 194. 194 types associated with one role works. 195 and it's broken.

I'm doing this on Ubuntu 12.04, so it could be the crappily maintained SELinux userland here.

Ole