I did a little more testing [user1@hoho2 user1]$ seuser show users Could not access policy.conf file. Verify the location is valid in the seuser.co nf file. [user1@hoho2 user1]$ At this point, I said 'whoops, remake of setools has same problem as before' But then a minute later, when I was logged in as root, I did it again with good results - no code change. [root@hoho2 user1]# [root@hoho2 user1]# seuser show users system_u: system_r user_u: user_r sysadm_r system_r root: staff_r sysadm_r system_r cyrus: cyrus_r mailman: mailman_r [root@hoho2 user1]# I don't know what the desired error message is for an ordinary user? Are mortal users discouraged from running seuser? If so, perhaps the policy should just make it not executable for mortal users. If mortal users can run 'seuser', then perhaps the seuser.conf file has to be accessible to the seuser program when being run by a mortal user. That is my guess at why the error message comes up. BobG On Wed, 26 May 2004 14:07:30 -0400, Stephen Smalley wrote: >On Wed, 2004-05-26 at 14:01, Bob Gustafson wrote: >> Thanks much, seems to work (I have a blank apol window popped up on my >>screen) >> >> The Tresys version of setools-1.3.1.tgz is bigger and newer than the one on >> the NSA site. > >diff -ru on the expanded directories shows that the only difference is >that the Tresys tarball has a spurious Attic directory under seuser. >The tarball on the NSA site is built from our internal CVS tree, and we >import new versions from Tresys as appropriate (but naturally don't >import CVS internal files like the Attic directory). > >-- >Stephen Smalley <sds@xxxxxxxxxxxxxx> >National Security Agency > >-- >fedora-selinux-list mailing list >fedora-selinux-list@xxxxxxxxxx >http://www.redhat.com/mailman/listinfo/fedora-selinux-list
