From: ewalsh@tycho.nsa.gov (Eamon Walsh)
Date: Fri, 14 Nov 2008 15:25:51 -0500
Subject: [refpolicy] range_transitions not working
In-Reply-To: <491D93A5.2080007@redhat.com>
References: <cadfc0e40811130625r62a0b976u6c8b639a21a988bb@mail.gmail.com>
	<491D93A5.2080007@redhat.com>
Message-ID: <491DDECF.9050701@tycho.nsa.gov>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

I found the problem, it's a bad range_transition rule.  The rule takes
the "related object" context not the result of the type transition,
attached patch fixes it for me.

Index: xserver.te
===================================================================
--- xserver.te	(revision 2877)
+++ xserver.te	(working copy)
@@ -743,7 +743,7 @@
 
 ifdef(`enable_mls',`
 	range_transition xserver_t xserver_tmp_t:sock_file s0 - mls_systemhigh;
-	range_transition xserver_t rootwindow_t:x_drawable s0 - mls_systemhigh;
+	range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
 ')
 
 tunable_policy(`!xserver_object_manager',`


-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency