From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 17 Nov 2008 08:58:32 -0500
Subject: [refpolicy] range_transitions not working
In-Reply-To: <491DDECF.9050701@tycho.nsa.gov>
References: <cadfc0e40811130625r62a0b976u6c8b639a21a988bb@mail.gmail.com>
	<491D93A5.2080007@redhat.com>  <491DDECF.9050701@tycho.nsa.gov>
Message-ID: <1226930312.24358.84.camel@gorn>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2008-11-14 at 15:25 -0500, Eamon Walsh wrote:
> I found the problem, it's a bad range_transition rule.  The rule takes
> the "related object" context not the result of the type transition,
> attached patch fixes it for me.

Merged.

> Index: xserver.te
> ===================================================================
> --- xserver.te	(revision 2877)
> +++ xserver.te	(working copy)
> @@ -743,7 +743,7 @@
>  
>  ifdef(`enable_mls',`
>  	range_transition xserver_t xserver_tmp_t:sock_file s0 - mls_systemhigh;
> -	range_transition xserver_t rootwindow_t:x_drawable s0 - mls_systemhigh;
> +	range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
>  ')
>  
>  tunable_policy(`!xserver_object_manager',`
> 
> 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150