| 1 |
On 11/27/2011 10:38 AM, Sven Vermeulen wrote: |
| 2 |
> |
| 3 |
> Hi Stan, |
| 4 |
> |
| 5 |
> This isn't really the way it is meant to resolve. From your denials, I |
| 6 |
> gather that you were still running in staff_r role. You need to transition |
| 7 |
> to sysadm_r role first and then try to perform your administrative tasks. |
| 8 |
> |
| 9 |
> Wkr, |
| 10 |
> Sven Vermeulen |
| 11 |
Sven, |
| 12 |
|
| 13 |
Thanks for the tip. I was running in staff_r when I got the denials. I |
| 14 |
thought I read somewhere that staff was allowed to su, so never thought |
| 15 |
the difference of when I entered the newrole to be that significant. |
| 16 |
Anyway, I'll call newrole first but it still appears as though I need to |
| 17 |
keep the calls to pam_selinux out of the su file as it fails when they |
| 18 |
are in. Also pam_xauth doesn't appear as though it's able to play with |
| 19 |
selinux, at least not inside the su file. |
| 20 |
|
| 21 |
-- |
| 22 |
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR |
| 23 |
PR - Cindy and Jenny - Sammamish, WA NWR |
| 24 |
http://www.cci.org |
Archives