I want to manually run an app within a certain context. When I try running it like so I get the following error:

# id -Z unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 # runcon p16001_u:myapp_r:myapp_t:s0:c1 /myapp/startup.sh runcon: invalid context: p16001_u:myapp_r:myapp_t:s0:c1: Invalid argument

unconfined should be allowed to transition to any context, right? No AVC is generated so I don't think that's the issue. The user p16001_u exists with category c1, with role myapp_r and myapp_t exists in the policy. I'm unclear as to why this is an invalid context.

# semanage user -l

Labeling MLS/ MLS/ SELinux User Prefix MCS Level MCS Range SELinux Roles

git_shell_u user s0 s0 git_shell_r myapp_u user s0 s0-s0:c0.c1023 myapp_r guest_u user s0 s0 guest_r p16000_u user s0 s0-s0:c0 myapp_r p16001_u user s0 s0-s0:c1 myapp_r p16002_u user s0 s0-s0:c2 myapp_r p16003_u user s0 s0-s0:c3 myapp_r p16004_u user s0 s0-s0:c4 myapp_r p16005_u user s0 s0-s0:c5 myapp_r p16006_u user s0 s0-s0:c6 myapp_r p16007_u user s0 s0-s0:c7 myapp_r p16008_u user s0 s0-s0:c8 myapp_r p16009_u user s0 s0-s0:c9 myapp_r p16010_u user s0 s0-s0:c10 myapp_r root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r sysadm_u user s0 s0-s0:c0.c1023 sysadm_r system_u user s0 s0-s0:c0.c1023 system_r unconfined_r unconfined_u user s0 s0-s0:c0.c1023 system_r unconfined_r user_u user s0 s0 user_r xguest_u user s0 s0 xguest_r

Any tips greatly appreciated!