| 1 |
Hi all, |
| 2 |
|
| 3 |
I recently set up SELinux under Gentoo and find that SELinux is prohibiting |
| 4 |
ordinary users from running su. Is this intentional? Since I generally |
| 5 |
prohibit root logins via SSH, access to su is important to me; I cannot |
| 6 |
otherwise administer the system remotely. |
| 7 |
|
| 8 |
I'm using pam-0.77, which is the version that I understand to be |
| 9 |
SELinux-compliant. The users have context user_u:user_r:user_t and the su |
| 10 |
executable has context system_u:object_r:su_exec_t. Where else might I look |
| 11 |
for a possible error in my configuration? |
| 12 |
|
| 13 |
The possibility that makes me most anxious is that I may have too recent a |
| 14 |
version of some ebuild that should be security-aware. I find setting |
| 15 |
ACCEPT_KEYWORDS="~x86" a bit scary <g>. Is there a list of known good |
| 16 |
ebuild versions, or should I check the Changelog of each ebuild? |
| 17 |
|
| 18 |
Thanks for any suggestions! |
| 19 |
|
| 20 |
Cheers, |
| 21 |
|
| 22 |
--------------------------------------------------- |
| 23 |
Bill McCarty |
| 24 |
|
| 25 |
|
| 26 |
-- |
| 27 |
gentoo-hardened@g.o mailing list |
Archives