On Wed, Jun 29, 2022 at 7:06 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> A request is denied with SEPOL_COMPUTEAV_RBAC if the source role is not
> allowed to transition to the target role, granted via a
>
> allow source_role target_role;
>
> statement.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> libsepol/utils/sepol_check_access.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/utils/sepol_check_access.c b/libsepol/utils/sepol_check_access.c
> index bd2ea896..5d2bf679 100644
> --- a/libsepol/utils/sepol_check_access.c
> +++ b/libsepol/utils/sepol_check_access.c
> @@ -109,7 +109,7 @@ int main(int argc, char *argv[])
> if (reason & SEPOL_COMPUTEAV_RBAC) {
> if (i > 0)
> printf(", ");
> - printf("transition-constraint");
> + printf("role-transition");
> i++;
> }
> if (reason & SEPOL_COMPUTEAV_BOUNDS) {
> --
> 2.36.1
>
