Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: "Krzysztof Kozłowski" <krzysztof.kozlowski@×××××××××.pl>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SELinux - Root and sudo commands denied
Date: Sun, 10 Jun 2007 16:49:59
Message-Id: 466C2B2A.9090905@kozik.net.pl
In Reply to: Re: [gentoo-hardened] SELinux - Root and sudo commands denied by Petre Rodan
1 Petre Rodan wrote:
2 > any reason why you don't `newrole -r sysadm_r; su -` ?
3 Thanks for reply. "newrole" helped for root commands but not for sudo. Maybe
4 it is problem only with sudo.
5 $ newrole -r sysadm_r
6 $ id -Z
7 staff_u:sysadm_r:sysadm_t
8 $ sudo vi /etc/fstab
9 Jun 10 18:44:25 bambo audit(1181493865.029:1274): avc: denied { write } for
10 pid=30018 comm="vi" name="fstab" dev=sda5 ino=52674
11 scontext=staff_u:sysadm_r:sysadm_sudo_t tcontext=system_u:object_r:etc_t
12 tclass=file
13 Jun 10 18:44:25 bambo audit(1181493865.029:1275): avc: denied { write } for
14 pid=30018 comm="vi" name="etc" dev=sda5 ino=52209
15 scontext=staff_u:sysadm_r:sysadm_sudo_t tcontext=system_u:object_r:etc_t
16 tclass=dir
17
18
19
20 --
21 Krzysztof Kozłowski
22 http://www.kozik.net.pl
23
24
25 --
26 gentoo-hardened@g.o mailing list

Replies

Subject Author
Re: [gentoo-hardened] SELinux - Root and sudo commands denied Petre Rodan <kaiowas@g.o>
Report Message
Find on MARC Find on Google Groups