Hello, I have narrowed my problem down to a constraint violation in my own policy module I am working on but can't seem to fix. I understand that the constrain I need to fix is the following:
constrain lnk_file { create relabelfrom relabelto } ((u1 == u2)) or (t1 == can_change_object_identity)
and then it has this allow rule after the constrain avc violation which is:
allow myuser_t user_tmp_t:lnk_file_create;
"Possible cause is the source user(myuser_u) and target user (system_u) are different."
Any help is appreciated, thank you.