more info

From: Shaun Savage <savages_at_pcez.com>
Date: Wed, 16 Jan 2002 11:40:19 -0800


During the load process I get

ss: loading .....

security: 5 users, 6roles, 391 types
security: 29 classes, 74171 rules
security: context root:sysadm_r:ipchains_t is invalid

Why/How is it invalid?

Attached is the new ipchains.te.

Shaun

#
# Authors: Justin Smith <jsmith@mcs.drexel.edu>
#

role sysadm_t types { ipchains_t };
domain_auto_trans(sysadm_t, ipchains_exec_t, ipchains_t)

allow tripwire_t sysadm_tty_device_t:chr_file rw_file_perms;
allow tripwire_t sysadm_devpts_t:chr_file rw_file_perms;
allow tripwire_t sysadm_gph_t:fd inherit_fd_perms;
 
auditallow sysadm_t ipchains_t:process transition;
auditallow sysadm_t ipchains_exec_t:process transition;
auditallow sysadm_t ipchains_exec_t:file execute;

#
# Rules for the ipchains_t domain.
#

type ipchains_t, domain, privlog;
type ipchains_exec_t, file_type, sysadmfile, exec_type;
type ipchains_var_run_t, file_type, sysadmfile, pidfile;

domain_auto_trans(ipchains_t, insmod_exec_t, insmod_t)

domain_auto_trans(ipchains_t, ifconfig_exec_t, ifconfig_t)
file_type_auto_trans(ipchains_t, var_run_t, ipchains_var_run_t)
uses_shlib(ipchains_t)

# Inherit and use descriptors from init.
allow ipchains_t init_t:fd inherit_fd_perms;

allow ipchains_t bin_t:file { execute execute_no_trans };
allow ipchains_t ipchains_exec_t:file { execute_no_trans };
allow ipchains_t ipchains_t:capability { net_admin net_raw };
allow ipchains_t ipchains_t:rawip_socket { create setopt };


Received on Wed 16 Jan 2002 - 14:55:21 EST
