SELinux Mailing List

learning about policies/transitions

From: Serge Hallyn <serge.hallyn_at_gmail.com>
Date: Wed, 3 Nov 2004 10:45:30 -0600


Hi,

I've been trying (on and off for some time) to get a very simple test policy working on a FC2 selinux system. I just want it to have the following types:

boot_d: default domain
login_d: domain automatically entered by /bin/login
user_d: domain voluntarily entered by login_d
obj_t: type for all fs objects
login_et: type for /bin/login

The policy files are attached. I did

       checkpolicy -o basic.bin basic.pol
       cp basic.bin /etc/security/selinux/policy.17
       (boot with selinux=0)
       setfiles basic.ctx /

Doing these same steps with /etc/security/selinux/src/policy/policy.conf and /etc/security/selinux/src/policy/file_contexts/file_contexts results in a working selinux system.

With my basic policy, though, boot_d will not transition to login_d on execution of /bin/login. ls -Z /bin/login shows that it is labeled as login_et. Since logging in doesn't work, I test by booting single user mode, and running

ps -Z
[everything is running under boot_d]
/bin/login & ps -Z
[login is running under boot_d]

What am I missing in the policy that would enable this automatic domain transition to happen?

thanks,
-serge


  • application/octet-stream attachment: basic.pol
  • application/octet-stream attachment: basic.ctx
Received on Wed 3 Nov 2004 - 11:45:42 EST
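
Added example, not part of the original message or its attachments: a small checker that reads policy source and lists which statements an automatic transition from one domain to another through an entrypoint file type still lacks (execute, entrypoint, process transition, type_transition, and a role authorized for the new domain). The sample policy is constructed, the role name system_r is an assumption, and only flat rules with explicit type names are parsed; attributes and m4 macros are not expanded.

```python
import re
from itertools import product

# Constructed policy fragment, NOT the attached basic.pol. Type names are from
# the message; the role name system_r is an assumption.
SAMPLE_POLICY = """
role system_r types { boot_d login_d };
allow boot_d login_et:file { read getattr execute };  # caller may run the file
allow login_d login_et:file entrypoint;
type_transition boot_d login_et:process login_d;
"""

TOK = r"(\{[^}]*\}|[\w.]+)"  # a single name or a { brace set }
ALLOW = re.compile(rf"allow\s+{TOK}\s+{TOK}\s*:\s*{TOK}\s+{TOK}$")
TRANS = re.compile(rf"type_transition\s+{TOK}\s+{TOK}\s*:\s*{TOK}\s+([\w.]+)$")
ROLE = re.compile(rf"role\s+[\w.]+\s+types\s+{TOK}$")

def names(tok):
    """Expand 'a' or '{ a b }' into a list of names."""
    return tok.strip("{} \n\t").split()

def parse(policy):
    """Return (allow tuples, type_transition tuples, role-authorized types)."""
    allows, trans, role_types = set(), set(), set()
    text = re.sub(r"#[^\n]*", "", policy)  # drop comments before splitting on ';'
    for stmt in (s.strip() for s in text.split(";")):
        if m := ALLOW.match(stmt):
            allows.update(product(*(names(g) for g in m.groups())))
        elif m := TRANS.match(stmt):
            s, t, c, new = m.groups()
            trans.update((a, b, k, new) for a, b, k in product(names(s), names(t), names(c)))
        elif m := ROLE.match(stmt):
            role_types.update(names(m.group(1)))
    return allows, trans, role_types

def missing_for_transition(policy, src, exe, dst):
    """List the statements still needed for src to enter dst automatically via exe."""
    allows, trans, role_types = parse(policy)
    need = {
        f"allow {src} {exe}:file execute;": (src, exe, "file", "execute") in allows,
        f"allow {dst} {exe}:file entrypoint;": (dst, exe, "file", "entrypoint") in allows,
        f"allow {src} {dst}:process transition;": (src, dst, "process", "transition") in allows,
        f"type_transition {src} {exe}:process {dst};": (src, exe, "process", dst) in trans,
        f"role <role> types {dst};": dst in role_types,
    }
    return [rule for rule, present in need.items() if not present]

if __name__ == "__main__":
    print(missing_for_transition(SAMPLE_POLICY, "boot_d", "login_et", "login_d"))
```

To check a real policy, pass the text of the policy source given to checkpolicy in place of SAMPLE_POLICY.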
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service