On 11/15/2013 11:44 AM, Dominick Grift wrote:
> On Fri, 2013-11-15 at 11:28 -0500, m.roth(a)5-cent.us wrote:
>> And here's my complaint: why should it tell me that it's unlabeled_t,
>> rather than telling me "system_r is an invalid role"?
>
> Good point, would be nicer if it would not allow one to change to invalid
> identifiers in the first place.
> I cannot answer the question why one is allowed to chcon -r system_r <file>
> in the first place. (might be some technical limitation)
> However the unlabeled isid and unlabeled_t sid are there for fail-over so
> that security is not compromised if it does happen.

Looks like a bug to me.
Should have generated an MAC_ADMIN avc.