Whenever I use runcon in my script, I get the error “root:system_r:datalabeler_t:s0-s15:c0.c255
is not a valid context”, regardless of the user, role, type, and mls level
that I specify with the runcon command. Infact, even when I specify the context
that I’m already running in with the runcon statement, I get the above
error. So for instance, if I run the script WITHOUT the runcon command, it runs
fine with the following security context (verified with a ps –efZ command):
root:system_r:datalabeler_t:s0-s15:c0.c255.
But if I run the script with a runcon statement that specifies the exact same user,
role, type, and mls level I get the error shown above.
My script runs in a domain named datalabeler_t (I don’t
have the problem when running a similar script in the unconfined_t domain). It
kicks off a java process with the following line: java
mls.SimulatedImport.SimulatedDataLabeler $argv[*]
When I add the runcon statement, I get the above error:
runcon
-u root -r system_r -t datalabeler_t java
mls.SimulatedImport.SimulatedDataLabeler $argv[*]
I am using an selinux policy that I built as an mls policy
off the targeted policy.
Ultimately what I’d like to be able to do is to use
the runcon statement to specify an mls level, but I need to get past this first.
Any help would be appreciated.
Thanks