1 |
Petre Rodan wrote: |
2 |
> any reason why you don't `newrole -r sysadm_r; su -` ? |
3 |
Thanks for reply. "newrole" helped for root commands but not for sudo. Maybe |
4 |
it is problem only with sudo. |
5 |
$ newrole -r sysadm_r |
6 |
$ id -Z |
7 |
staff_u:sysadm_r:sysadm_t |
8 |
$ sudo vi /etc/fstab |
9 |
Jun 10 18:44:25 bambo audit(1181493865.029:1274): avc: denied { write } for |
10 |
pid=30018 comm="vi" name="fstab" dev=sda5 ino=52674 |
11 |
scontext=staff_u:sysadm_r:sysadm_sudo_t tcontext=system_u:object_r:etc_t |
12 |
tclass=file |
13 |
Jun 10 18:44:25 bambo audit(1181493865.029:1275): avc: denied { write } for |
14 |
pid=30018 comm="vi" name="etc" dev=sda5 ino=52209 |
15 |
scontext=staff_u:sysadm_r:sysadm_sudo_t tcontext=system_u:object_r:etc_t |
16 |
tclass=dir |
17 |
|
18 |
|
19 |
|
20 |
-- |
21 |
Krzysztof Kozłowski |
22 |
http://www.kozik.net.pl |
23 |
|
24 |
|
25 |
-- |
26 |
gentoo-hardened@g.o mailing list |