A request is denied with SEPOL_COMPUTEAV_RBAC if the source role is not
allowed to transition to the target role, granted via a
allow source_role target_role;
statement.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libsepol/utils/sepol_check_access.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/utils/sepol_check_access.c b/libsepol/utils/sepol_check_access.c
index bd2ea896..5d2bf679 100644
--- a/libsepol/utils/sepol_check_access.c
+++ b/libsepol/utils/sepol_check_access.c
@@ -109,7 +109,7 @@ int main(int argc, char *argv[])
if (reason & SEPOL_COMPUTEAV_RBAC) {
if (i > 0)
printf(", ");
- printf("transition-constraint");
+ printf("role-transition");
i++;
}
if (reason & SEPOL_COMPUTEAV_BOUNDS) {
--
2.36.1
