Possible bug in finding default context?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ole Kliemann <ole@plastictree.net>
To: selinux@tycho.nsa.gov
Subject: Possible bug in finding default context?
Date: Thu, 9 Aug 2012 19:45:19 +0200	[thread overview]
Message-ID: <20120809174519.GE1643@telvanni> (raw)

[-- Attachment #1: Type: text/plain, Size: 978 bytes --]

Sometime ago I posted about a problem I had when building a 
monolithic policy. Login programs were unable to determine the 
default context of users when logging in, although i was pretty 
sure I did everything right. I never resolved that but didn't 
bother either since I started writing a new modular policy from 
scratch.

Everything worked flawlessly, including logins, until suddenly 
now logins started to fail again with the login programs unable 
to determine the context of the user.

Oh, what fresh hell is this?! So I started rolling back changes, 
and it turns out if there are too many types associated with one 
role and that role and one of its types is set as default context 
for a user, /bin/login gives 'Unable to get valid context'.

BTW, the exact number seems 194. 194 types associated with one 
role works. 195 and it's broken.

I'm doing this on Ubuntu 12.04, so it could be the crappily 
maintained selinux userland here.

Ole

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

next             reply	other threads:[~2012-08-09 17:45 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-08-09 17:45 Ole Kliemann [this message]
2012-08-09 17:48 ` Possible bug in finding default context? Stephen Smalley
2012-08-10  8:58   ` Ole Kliemann
2012-08-10 12:55     ` Stephen Smalley
2012-08-10  9:13 ` Russell Coker
2012-08-10 10:37   ` Ole Kliemann
2012-08-10 17:21     ` Ole Kliemann
2012-08-10 11:06 ` Ole Kliemann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120809174519.GE1643@telvanni \
    --to=ole@plastictree.net \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.