Dear all,
I am currently experiencing some trouble modifying a process's MCS category.
Here is the problem:
I have got a user who is in s0:c1.c2.
This user then launches a process, which thus runs in the same range (s0:c1.c2).
A setcon() is made to move the process context into a restriction: s0:c1.
By adding a new allow rule through a module, this step works great.
allow user_t self:process { setcurrent dyntransition };
Once in this restricted context, it seems impossible to run another setcon() in order to move into s0:c2 or return to the initial context s0:c1.c2.
Here is the error reported by audit:
type=AVC msg=audit(1224638358.893:242): avc: denied { dyntransition } for pid=26212 comm="prog" scontext=user_u:user_r:user_t:s0:c1 tcontext=user_u:user_r:user_t:s0:c2 tclass=process
Is it possible to add a rule which will allow the process to re-enter the s0:c1.c2 context, or to enter s0:c2 from s0:c1?
Regards,
Vince
selinux@lists.fedoraproject.org
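
An added example, not part of the original post: it parses the AVC record quoted above and compares the MCS category sets of the source and target contexts. It assumes the usual level notation (cN.cM is a range, commas separate items); that the loaded policy constrains dyntransition on level dominance is an assumption the post does not confirm, and the helper names are hypothetical.

```python
import re

# AVC record copied from the post above.
AVC = ('type=AVC msg=audit(1224638358.893:242): avc: denied { dyntransition } '
       'for pid=26212 comm="prog" scontext=user_u:user_r:user_t:s0:c1 '
       'tcontext=user_u:user_r:user_t:s0:c2 tclass=process')

def parse_avc(line):
    """Return the permissions, class and both contexts of one AVC line."""
    perms = re.search(r'\{ ([^}]*)\}', line).group(1).split()
    fields = dict(re.findall(r'(\w+)=(\S+)', line))
    return {'perms': perms, 'tclass': fields['tclass'],
            'scontext': fields['scontext'], 'tcontext': fields['tcontext']}

def expand_cats(spec):
    """Expand a category spec such as 'c1.c3,c7' into {1, 2, 3, 7}."""
    cats = set()
    for part in filter(None, spec.split(',')):
        lo, _, hi = part.partition('.')
        lo, hi = int(lo[1:]), int((hi or lo)[1:])
        cats.update(range(lo, hi + 1))
    return cats

def level(context):
    """Return (sensitivity, category set) for user:role:type:level.

    If the level field is a low-high range, the high end is used.
    """
    mls = context.split(':', 3)[3].split('-')[-1]
    sens, _, cats = mls.partition(':')
    return int(sens[1:]), expand_cats(cats)

def dominates(a, b):
    """True if level a has sensitivity >= b and a superset of b's categories."""
    return a[0] >= b[0] and a[1] >= b[1]

def explain(line):
    """Summarise how the target level relates to the source level."""
    rec = parse_avc(line)
    src, tgt = level(rec['scontext']), level(rec['tcontext'])
    return {'perms': rec['perms'],
            'source_cats': sorted(src[1]), 'target_cats': sorted(tgt[1]),
            'source_dominates_target': dominates(src, tgt),
            # categories the process would gain by this transition
            'added_cats': sorted(tgt[1] - src[1])}

if __name__ == '__main__':
    print(explain(AVC))
```

The first setcon() in the post (s0:c1.c2 to s0:c1) only drops a category, while both later attempts would add c2 to a process running at s0:c1.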