Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo Hardened (http://www.linux-archive.org/gentoo-hardened/)
-   -   Problems with su on 20120215 policy and latest policycoreutils (http://www.linux-archive.org/gentoo-hardened/643030-problems-su-20120215-policy-latest-policycoreutils.html)

Sven Vermeulen 03-10-2012 06:42 PM
Problems with su on 20120215 policy and latest policycoreutils
 
On Sat, Mar 10, 2012 at 07:07:54PM +0100, Krzysztof Nowicki wrote:
> Recently I've upgraded the policy to the latest testing version. I've also had to upgrade policycoreutils (+deps) to the versions from the overlay, since they're required by the policies. Everything seems to be working fine for now, but I noticed a problem with su. Every time I try to use it an error is displayed:
>
> su: Authentication service cannot retrieve authentication info
>
> This message is displayed regardless of the user executing su (even for root/sysadm_r).
[...]

Hi Krzysztof,

This should be tackled with selinux-base-policy-2.20120215-r3 (and
selinux-base-2.20120215-r3) and later. Can you check if that is indeed met?

Iirc, the su domains needed getattr rights on the security_t domain:

~# sesearch -s staff_su_t -t security_t -c filesystem -p getattr -A;
Found 1 semantic av rules:
allow staff_su_t security_t : filesystem getattr ;

Wkr,
Sven Vermeulen


All times are GMT. The time now is 02:35 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.