| 1 |
W dniu 2012-03-10 20:42:07 użytkownik Sven Vermeulen <swift@g.o> napisał: |
| 2 |
> On Sat, Mar 10, 2012 at 07:07:54PM +0100, Krzysztof Nowicki wrote: |
| 3 |
> > Recently I've upgraded the policy to the latest testing version. I've also had to upgrade policycoreutils (+deps) to the versions from the overlay, since they're required by the policies. Everything seems to be working fine for now, but I noticed a problem with su. Every time I try to use it an error is displayed: |
| 4 |
> > |
| 5 |
> > su: Authentication service cannot retrieve authentication info |
| 6 |
> > |
| 7 |
> > This message is displayed regardless of the user executing su (even for root/sysadm_r). |
| 8 |
> [...] |
| 9 |
> |
| 10 |
> Hi Krzysztof, |
| 11 |
> |
| 12 |
> This should be tackled with selinux-base-policy-2.20120215-r3 (and |
| 13 |
> selinux-base-2.20120215-r3) and later. Can you check if that is indeed met? |
| 14 |
> |
| 15 |
> Iirc, the su domains needed getattr rights on the security_t domain: |
| 16 |
> |
| 17 |
> ~# sesearch -s staff_su_t -t security_t -c filesystem -p getattr -A; |
| 18 |
> Found 1 semantic av rules: |
| 19 |
> allow staff_su_t security_t : filesystem getattr ; |
| 20 |
> |
| 21 |
> Wkr, |
| 22 |
> Sven Vermeulen |
| 23 |
> |
| 24 |
> |
| 25 |
|
| 26 |
Hi Sven, |
| 27 |
|
| 28 |
Thanks, that helped a lot. I had -r1 previously and since I forgot to update the overlay I didn't see the latest revisions. |
| 29 |
|
| 30 |
Best regards |
| 31 |
Chris |
Archives