SELinux and Shorewall with IPSets
Dominick Grift
domg472 at gmail.com
Wed Jun 30 19:53:08 UTC 2010
On 06/30/2010 09:48 PM, Mr Dash Four wrote:
>
>> hmm... i am not sure about this but maybe:
>>
>> role system_r types setfiles_mac_t;
>>
>> helps here..
>>
> What do you mean?
Is says "security_compute_sid: invalid context
unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023"
I think that may be because system_r cannot be used for setfiles_mac_t.
Looking at the policy i could not find anywhere where system_r would be
allowed the setfiles_mac_t domain.
So by adding that rule , the system_r role should be allowed the
setfiles_mac_t domain, making the context valid.
But its just a guess.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100630/3f0cc4a3/attachment.bin
More information about the selinux
mailing list