From: bigon@debian.org (Laurent Bigonville)
Date: Thu, 3 Dec 2015 15:33:22 +0100
Subject: [refpolicy] Transition not working as expected with boolean
 cron_userdomain_transition set to on
In-Reply-To: <565F01B8.6060602@tresys.com>
References: <5652F8F4.3090601@debian.org> <565DC1D5.7020602@tresys.com>
	<565DCA23.3070301@debian.org> <565F01B8.6060602@tresys.com>
Message-ID: <566052B2.4050401@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Le 02/12/15 15:35, Christopher J. PeBenito a ?crit :
> On 12/1/2015 11:26 AM, Laurent Bigonville wrote:
>> Le 01/12/15 16:50, Christopher J. PeBenito a ?crit :
>>> This makes sense, though the default_context files should probably 
>>> be updated similarly. 
>> Is the order relevant here?
> For each line, the order is relevant.  The libraries will choose the
> first partial context that will result in a valid context.  I'd have to
> look at the code to see if it will skip partial contexts if the context
> is valid but the transition is denied.
And in this precise case, do you have a specific order for these 
contexts in the default_contexts file?