Whenever I use runcon in my script, I get the error “root:system_r:datalabeler_t:s0-s15:c0.c255 is not a valid context”, regardless of the user, role, type, and mls level that I specify with the runcon command. Infact, even when I specify the context that I’m already running in with the runcon statement, I get the above error. So for instance, if I run the script WITHOUT the runcon command, it runs fine with the following security context (verified with a ps –efZ command): root:system_r:datalabeler_t:s0-s15:c0.c255. But if I run the script with a runcon statement that specifies the exact same user, role, type, and mls level I get the error shown above.

 

My script runs in a domain named datalabeler_t (I don’t have the problem when running a similar script in the unconfined_t domain). It kicks off a java process with the following line: java mls.SimulatedImport.SimulatedDataLabeler $argv[*]

When I add the runcon statement, I get the above error:

            runcon -u root -r system_r -t datalabeler_t java mls.SimulatedImport.SimulatedDataLabeler $argv[*]

 

I am using an selinux policy that I built as an mls policy off the targeted policy.

 

Ultimately what I’d like to be able to do is to use the runcon statement to specify an mls level, but I need to get past this first.

 

Any help would be appreciated.

 

Thanks