On Thu, Jun 30, 2022 at 2:30 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Wed, Jun 29, 2022 at 7:06 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > A request is denied with SEPOL_COMPUTEAV_RBAC if the source role is not
> > allowed to transition to the target role, granted via a
> >
> > allow source_role target_role;
> >
> > statement.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Merged.
Thanks,
Jim
> > ---
> > libsepol/utils/sepol_check_access.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libsepol/utils/sepol_check_access.c b/libsepol/utils/sepol_check_access.c
> > index bd2ea896..5d2bf679 100644
> > --- a/libsepol/utils/sepol_check_access.c
> > +++ b/libsepol/utils/sepol_check_access.c
> > @@ -109,7 +109,7 @@ int main(int argc, char *argv[])
> > if (reason & SEPOL_COMPUTEAV_RBAC) {
> > if (i > 0)
> > printf(", ");
> > - printf("transition-constraint");
> > + printf("role-transition");
> > i++;
> > }
> > if (reason & SEPOL_COMPUTEAV_BOUNDS) {
> > --
> > 2.36.1
> >
