On Fri, 11 Jul 2008 16:57:57 +0100, Paul Howarth wrote:
> Carl D. Roth wrote:
>> On Fri, 11 Jul 2008 08:14:21 -0700, Dan Thurman wrote:
>>
>>> I am not sure what this is, and /.xauth does not exist, but here is
>>> the log:
>>> ================================
>>> Summary:
>>>
>>> SELinux is preventing su (initrc_su_t) "execute" to ./xauth
>>> (xauth_exec_t).
>>>
>>> Detailed Description:
>>>
>>>
>> I had that happen on one of my systems too. It was starting a service
>> in init.d that changed userids via 'su'. Since it was a headless
>> application (i.e. daemon) I chose to ignore the errors as follows:
>>
>> gen_require(`
>>     type initrc_su_t;
>>     type sshd_t;
>>     type xauth_exec_t;
>> ')
>>
>> dontaudit initrc_su_t sshd_t:key { search };
>> dontaudit initrc_su_t xauth_exec_t:file { execute };
>>
>> As you can see, the 'su' session also tried to grovel around for SSH
>> keys.
>
> Does it behave better if you use "runuser" instead of "su"?
>
> Paul.

That fixed it, thanks.

C
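
Added example (not part of the original thread, and not code from any of the posters): how AVC denials like the two described above map onto the dontaudit rules quoted in the message. The audit lines are constructed samples, and the names AVC_RE and dontaudit_rules are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from the original post), shaped like
# the two denials the thread describes for su started from an init script.
SAMPLE_LOG = """\
type=AVC msg=audit(1215789261.123:45): avc:  denied  { execute } for  pid=2345 comm="su" name="xauth" dev=dm-0 ino=123456 scontext=system_u:system_r:initrc_su_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=file
type=AVC msg=audit(1215789261.125:46): avc:  denied  { search } for  pid=2345 comm="su" scontext=system_u:system_r:initrc_su_t:s0 tcontext=system_u:system_r:sshd_t:s0 tclass=key
type=AVC msg=audit(1215789262.001:47): avc:  denied  { execute } for  pid=2399 comm="su" name="xauth" dev=dm-0 ino=123456 scontext=system_u:system_r:initrc_su_t:s0 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1215789262.001:47): arch=40000003 syscall=11 success=no exit=-13 comm="su"
"""

# Pull the permission set, command, source type, target type and object class
# out of one AVC record; the type is the third field of each security context.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+'
    r'tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+'
    r'tclass=(?P<cls>\w+)'
)

def dontaudit_rules(log_text, source_type="initrc_su_t"):
    """Return (types, rules) covering denials whose source domain is source_type."""
    perms = defaultdict(set)  # (src, tgt, class) -> set of denied permissions
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m["src"] != source_type:
            continue  # non-AVC records and other domains are left alone
        perms[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    types = sorted({t for src, tgt, _ in perms for t in (src, tgt)})
    rules = [
        f"dontaudit {src} {tgt}:{cls} {{ {' '.join(sorted(p))} }};"
        for (src, tgt, cls), p in sorted(perms.items())
    ]
    return types, rules

if __name__ == "__main__":
    types, rules = dontaudit_rules(SAMPLE_LOG)
    print("gen_require(`")
    for t in types:
        print(f"    type {t};")
    print("')\n")
    print("\n".join(rules))
```

Repeated denials collapse into one rule per source type, target type and object class, which is why three AVC records yield the two rules from the message.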