back to svn]
Dominick Grift
dominick.grift at gmail.com
Fri Nov 15 16:44:56 UTC 2013
On Fri, 2013-11-15 at 11:28 -0500, m.roth at 5-cent.us wrote:
> And here's my complaint: why should it tell me that it's unlabeled_t,
> rather than telling me "system_r is an invalid role"?
>
Good point, would be nicer if it would not allow one to change to
invalid identifiers in the first place.
I cannot answer the question why one is allowed to chcon -r system_r
<file> in the first place. (might be some technical limitation)
However the unlabeled isid and unlabeled_t sid are there for fail-over
so that security is not compromised if it does happen
More information about the selinux
mailing list