[refpolicy] range_transitions not working
Eamon Walsh
ewalsh at tycho.nsa.gov
Fri Nov 14 14:25:51 CST 2008
I found the problem, it's a bad range_transition rule. The rule takes
the "related object" context not the result of the type transition,
attached patch fixes it for me.
Index: xserver.te
===================================================================
--- xserver.te (revision 2877)
+++ xserver.te (working copy)
@@ -743,7 +743,7 @@
ifdef(`enable_mls',`
range_transition xserver_t xserver_tmp_t:sock_file s0 - mls_systemhigh;
- range_transition xserver_t rootwindow_t:x_drawable s0 - mls_systemhigh;
+ range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
')
tunable_policy(`!xserver_object_manager',`
--
Eamon Walsh <ewalsh at tycho.nsa.gov>
National Security Agency
More information about the refpolicy
mailing list