From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 26 Feb 2012 15:37:10 +0100
Subject: [refpolicy] Showing role attributes + issue when calling
	selinux utilities
In-Reply-To: <20120226131858.GA30221@siphos.be>
References: <20120226131858.GA30221@siphos.be>
Message-ID: <20120226143710.GA13483@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, Feb 26, 2012 at 02:19:27PM +0100, Sven Vermeulen wrote:
> ~# dmesg | tail -1
> [ 6165.059146] type=1401 audit(1330261818.013:2712): security_compute_sid:
> invalid context root:staff_r:newrole_t for scontext=root:staff_r:newrole_t
> tcontext=root:staff_r:newrole_t tclass=unix_stream_socket
[...]
>           role $2 types run_init_t;
[...]
>           roleattribute $2 run_init_roles;


Looks like the issue is that there is nowhere a rule like so:

	role run_init_roles types run_init_t;

Adding that to the policy makes the tests go further. Same for

	role newrole_roles types newrole_t;

Wkr,
	Sven Vermeulen