Hi,

I've been trying (on and off for some time) to get a very simple test policy working on a FC2 selinux system. I just want it to have the following types:

    boot_d:   default domain
    login_d:  domain automatically entered by /bin/login
    user_d:   domain voluntarily entered by login_d
    obj_t:    type for all fs objects
    login_et: type for /bin/login

The policy files are attached. I did

    checkpolicy -o basic.bin basic.pol
    cp basic.bin /etc/security/selinux/policy.17
    (boot with selinux=0)
    setfiles basic.ctx /

Doing these same steps with /etc/security/selinux/src/policy/policy.conf and /etc/security/selinux/src/policy/file_contexts/file_contexts results in a working selinux system.

With my basic policy, though, boot_d will not transition to login_d on execution of /bin/login. ls -Z /bin/login shows that it is labeled as login_et. Since logging in doesn't work, I test by booting single user mode, and running

    ps -Z
        [everything is running under boot_d]
    /bin/login &
    ps -Z
        [login is running under boot_d]

What am I missing in the policy that would enable this automatic domain transition to happen?

thanks,
-serge