On Fri, 2004-07-09 at 10:18, Kirk Vogelsang wrote:
> Having a problem w/ sudo now however:
>
> $ rpm -q selinux-policy-strict sudo
> selinux-policy-strict-1.14.1-2
> sudo-1.6.7p5-27
> $ id
> uid=600(admin) gid=600(admin) groups=10(wheel),600(admin) context=user_u:user_r:user_t
> $ sudo sh
> sudo: unable to exec /usr/sbin/sesh: Permission denied
> $ dmesg
> audit(1089381994.953:0): avc: denied { execute_no_trans } for pid=845 exe=/usr/bin/sudo path=/usr/sbin/sesh dev=sda3 ino=32091 scontext=user_u:user_r:user_sudo_t tcontext=system_u:object_r:shell_exec_t tclass=file
>
> I receive the same results if running in staff_r or sysadm_r as well.
sudo is presently broken; the SELinux patch and policy for it are being
reworked. Hopefully there will be something newer in rawhide soon.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
