1 |
W dniu 2012-03-10 20:42:07 użytkownik Sven Vermeulen <swift@g.o> napisał: |
2 |
> On Sat, Mar 10, 2012 at 07:07:54PM +0100, Krzysztof Nowicki wrote: |
3 |
> > Recently I've upgraded the policy to the latest testing version. I've also had to upgrade policycoreutils (+deps) to the versions from the overlay, since they're required by the policies. Everything seems to be working fine for now, but I noticed a problem with su. Every time I try to use it an error is displayed: |
4 |
> > |
5 |
> > su: Authentication service cannot retrieve authentication info |
6 |
> > |
7 |
> > This message is displayed regardless of the user executing su (even for root/sysadm_r). |
8 |
> [...] |
9 |
> |
10 |
> Hi Krzysztof, |
11 |
> |
12 |
> This should be tackled with selinux-base-policy-2.20120215-r3 (and |
13 |
> selinux-base-2.20120215-r3) and later. Can you check if that is indeed met? |
14 |
> |
15 |
> Iirc, the su domains needed getattr rights on the security_t domain: |
16 |
> |
17 |
> ~# sesearch -s staff_su_t -t security_t -c filesystem -p getattr -A; |
18 |
> Found 1 semantic av rules: |
19 |
> allow staff_su_t security_t : filesystem getattr ; |
20 |
> |
21 |
> Wkr, |
22 |
> Sven Vermeulen |
23 |
> |
24 |
> |
25 |
|
26 |
Hi Sven, |
27 |
|
28 |
Thanks, that helped a lot. I had -r1 previously and since I forgot to update the overlay I didn't see the latest revisions. |
29 |
|
30 |
Best regards |
31 |
Chris |