runcon Invalid argument

[Moray Henderson (ICT)]

I'm trying to debug an httpd-nfs-selinux issue, and it would be _really_
useful to be able to execute commands in context httpd_t while trying out
combinations of the nfs_export_all_rw Boolean and public_content_rw_t type.

If I can do

[root at kojihub ~]# runcon unconfined_u:unconfined_r:unconfined_t:s0 bash
[root at kojihub ~]# exit

why can't I do

[root at kojihub ~]# runcon unconfined_u:unconfined_r:httpd_t:s0 bash
runcon: invalid context: unconfined_u:unconfined_r:httpd_t:s0: Invalid
argument

The actual issue is that I've set up a new koji hub with /mnt/koji on an nfs
mount; with SELinux in permissive mode I get

AVC Report
========================================================
# date time comm subj syscall class permission obj event
========================================================
1. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 4 dir getattr
system_u:object_r:nfs_t:s0 denied 494
2. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 4 dir search
system_u:object_r:nfs_t:s0 denied 493
3. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir write
system_u:object_r:nfs_t:s0 denied 495
4. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir
add_name system_u:object_r:nfs_t:s0 denied 495
5. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir create
unconfined_u:object_r:nfs_t:s0 denied 495
6. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 2 file create
unconfined_u:object_r:nfs_t:s0 denied 496
7. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 2 file open
system_u:object_r:nfs_t:s0 denied 496


Moray.
"To err is human; to purr, feline."




  OM International Limited - Unit B Clifford Court, Cooper Way - Carlisle CA3 0JG - United Kingdom
  Charity reg no: 1112655 - Company reg no: 5649412 (England and Wales)