Whenever I use runcon in my script, I get the error
"root:system_r:datalabeler_t:s0-s15:c0.c255 is not a valid context",
regardless of the user, role, type, and mls level that I specify with
the runcon command. In fact, even when I specify the context that I'm
already running in with the runcon statement, I get the above error. So
for instance, if I run the script WITHOUT the runcon command, it runs
fine with the following security context (verified with a ps -efZ
command): root:system_r:datalabeler_t:s0-s15:c0.c255. But if I run the
script with a runcon statement that specifies the exact same user, role,
type, and mls level I get the error shown above.
My script runs in a domain named datalabeler_t (I don't have the problem
when running a similar script in the unconfined_t domain). It kicks off
a Java process with the following line:

    java mls.SimulatedImport.SimulatedDataLabeler $argv[*]

When I add the runcon statement, I get the above error:

    runcon -u root -r system_r -t datalabeler_t java mls.SimulatedImport.SimulatedDataLabeler $argv[*]

I am using an SELinux policy that I built as an mls policy off the
targeted policy.
Ultimately what I'd like to be able to do is to use the runcon statement
to specify an mls level, but I need to get past this first.
Any help would be appreciated.
Thanks