On 11/27/2011 10:38 AM, Sven Vermeulen wrote: > > Hi Stan, > > This isn't really the way it is meant to resolve. From your denials, I > gather that you were still running in staff_r role. You need to transition > to sysadm_r role first and then try to perform your administrative tasks. > > Wkr, > Sven Vermeulen Sven,
Thanks for the tip. I was running in staff_r when I got the denials. I thought I read somewhere that staff was allowed to su, so never thought the difference of when I entered the newrole to be that significant. Anyway, I'll call newrole first but it still appears as though I need to keep the calls to pam_selinux out of the su file as it fails when they are in. Also pam_xauth doesn't appear as though it's able to play with selinux, at least not inside the su file. -- Stan & HD Tashi Grad 10/08 Edgewood, NM SWR PR - Cindy and Jenny - Sammamish, WA NWR http://www.cci.org
signature.asc
Description: OpenPGP digital signature
