Re: sudo avc denies: was Re: Upgrading to policy-strict RPM's

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2004-07-09 at 10:18, Kirk Vogelsang wrote:
> Having a problem w/ sudo now however:
> 
> $ rpm -q selinux-policy-strict sudo
> selinux-policy-strict-1.14.1-2
> sudo-1.6.7p5-27
> $ id
> uid=600(admin) gid=600(admin) groups=10(wheel),600(admin) context=user_u:user_r:user_t
> $ sudo sh
> sudo: unable to exec /usr/sbin/sesh: Permission denied
> $ dmesg
> audit(1089381994.953:0): avc:  denied  { execute_no_trans } for  pid=845 exe=/usr/bin/sudo path=/usr/sbin/sesh dev=sda3 ino=32091 scontext=user_u:user_r:user_sudo_t tcontext=system_u:object_r:shell_exec_t tclass=file
> 
> I receive the same results if running in staff_r or sysadm_r as well.

sudo is presently broken; the SELinux patch and policy for it are being
reworked.  Hopefully there will be something newer in rawhide soon.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux