1 |
Hi all, |
2 |
|
3 |
I recently set up SELinux under Gentoo and find that SELinux is prohibiting |
4 |
ordinary users from running su. Is this intentional? Since I generally |
5 |
prohibit root logins via SSH, access to su is important to me; I cannot |
6 |
otherwise administer the system remotely. |
7 |
|
8 |
I'm using pam-0.77, which is the version that I understand to be |
9 |
SELinux-compliant. The users have context user_u:user_r:user_t and the su |
10 |
executable has context system_u:object_r:su_exec_t. Where else might I look |
11 |
for a possible error in my configuration? |
12 |
|
13 |
The possibility that makes me most anxious is that I may have too recent a |
14 |
version of some ebuild that should be security-aware. I find setting |
15 |
ACCEPT_KEYWORDS="~x86" a bit scary <g>. Is there a list of known good |
16 |
ebuild versions, or should I check the Changelog of each ebuild? |
17 |
|
18 |
Thanks for any suggestions! |
19 |
|
20 |
Cheers, |
21 |
|
22 |
--------------------------------------------------- |
23 |
Bill McCarty |
24 |
|
25 |
|
26 |
-- |
27 |
gentoo-hardened@g.o mailing list |