runcon: invalid context
Tracy Reed
treed at ultraviolet.org
Thu Apr 30 19:21:38 UTC 2015

I want to manually run an app within a certain context. When I try running it
like so I get the following error:

# id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# runcon p16001_u:myapp_r:myapp_t:s0:c1 /myapp/startup.sh
runcon: invalid context: p16001_u:myapp_r:myapp_t:s0:c1: Invalid argument

unconfined should be allowed to transition to any context, right? No AVC is
generated so I don't think that's the issue. The user p16001_u exists with
category c1, with role myapp_r and myapp_t exists in the policy. I'm unclear as
to why this is an invalid context.

# semanage user -l

                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range          SELinux Roles

git_shell_u     user       s0         s0                 git_shell_r
myapp_u         user       s0         s0-s0:c0.c1023     myapp_r
guest_u         user       s0         s0                 guest_r
p16000_u        user       s0         s0-s0:c0           myapp_r
p16001_u        user       s0         s0-s0:c1           myapp_r
p16002_u        user       s0         s0-s0:c2           myapp_r
p16003_u        user       s0         s0-s0:c3           myapp_r
p16004_u        user       s0         s0-s0:c4           myapp_r
p16005_u        user       s0         s0-s0:c5           myapp_r
p16006_u        user       s0         s0-s0:c6           myapp_r
p16007_u        user       s0         s0-s0:c7           myapp_r
p16008_u        user       s0         s0-s0:c8           myapp_r
p16009_u        user       s0         s0-s0:c9           myapp_r
p16010_u        user       s0         s0-s0:c10          myapp_r
root            user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         s0-s0:c0.c1023     staff_r sysadm_r system_r unconfined_r
sysadm_u        user       s0         s0-s0:c0.c1023     sysadm_r
system_u        user       s0         s0-s0:c0.c1023     system_r unconfined_r
unconfined_u    user       s0         s0-s0:c0.c1023     system_r unconfined_r
user_u          user       s0         s0                 user_r
xguest_u        user       s0         s0                 xguest_r

Any tips greatly appreciated!
--
Tracy Reed
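
Added example, not part of the original post: a Python check of a context against the `semanage user -l` table for the two conditions that table can confirm, namely that the role is authorized for the SELinux user and that the MCS range falls inside the user's range. The role-to-type association lives in the policy rather than in this table and is not checked; all function names are illustrative.

```python
# Three rows taken from the `semanage user -l` listing in the post above.
SEMANAGE_ROWS = """\
p16001_u user s0 s0-s0:c1 myapp_r
unconfined_u user s0 s0-s0:c0.c1023 system_r unconfined_r
user_u user s0 s0 user_r
"""

def parse_cats(spec):
    """Expand an MCS category list ('c0.c1023', 'c1,c5.c7') into a set of ints."""
    cats = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition(".")
        cats.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return cats

def parse_level(level):  # 's0:c1' -> (0, {1}); 's0' -> (0, set())
    sens, _, cats = level.partition(":")
    return int(sens[1:]), parse_cats(cats)

def parse_range(rng):
    """'s0-s0:c1' -> (low, high); a single level serves as both low and high."""
    low, _, high = rng.partition("-")
    return parse_level(low), parse_level(high or low)

def dominates(a, b):
    """Level a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def load_users(text):
    """Map SELinux user -> (MCS range, authorized roles) from table rows."""
    users = {}
    for name, _prefix, _level, rng, *roles in map(str.split, text.splitlines()):
        users[name] = (parse_range(rng), set(roles))
    return users

def check_context(context, users):
    """List problems visible from the user table alone (role-to-type is not checked)."""
    user, role, _type, rng = context.split(":", 3)
    if user not in users:
        return [f"unknown SELinux user {user}"]
    (u_low, u_high), roles = users[user]
    c_low, c_high = parse_range(rng)
    problems = []
    if role not in roles:
        problems.append(f"role {role} is not authorized for {user}")
    if not (dominates(c_low, u_low) and dominates(u_high, c_high)
            and dominates(c_high, c_low)):
        problems.append(f"range {rng} is outside the MCS range of {user}")
    return problems
```

For the context in the post, `check_context("p16001_u:myapp_r:myapp_t:s0:c1", load_users(SEMANAGE_ROWS))` returns an empty list: the user, role and range in the table are consistent with each other.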