| 1 |
On Sat, Mar 10, 2012 at 07:07:54PM +0100, Krzysztof Nowicki wrote: |
| 2 |
> Recently I've upgraded the policy to the latest testing version. I've also had to upgrade policycoreutils (+deps) to the versions from the overlay, since they're required by the policies. Everything seems to be working fine for now, but I noticed a problem with su. Every time I try to use it an error is displayed: |
| 3 |
> |
| 4 |
> su: Authentication service cannot retrieve authentication info |
| 5 |
> |
| 6 |
> This message is displayed regardless of the user executing su (even for root/sysadm_r). |
| 7 |
[...] |
| 8 |
|
| 9 |
Hi Krzysztof, |
| 10 |
|
| 11 |
This should be tackled with selinux-base-policy-2.20120215-r3 (and |
| 12 |
selinux-base-2.20120215-r3) and later. Can you check if that is indeed met? |
| 13 |
|
| 14 |
Iirc, the su domains needed getattr rights on the security_t domain: |
| 15 |
|
| 16 |
~# sesearch -s staff_su_t -t security_t -c filesystem -p getattr -A; |
| 17 |
Found 1 semantic av rules: |
| 18 |
allow staff_su_t security_t : filesystem getattr ; |
| 19 |
|
| 20 |
Wkr, |
| 21 |
Sven Vermeulen |
Archives