I run one Fedora Atomic 30 desktop and one server. I am lfet with two issues on these machines.
1. On server:
---------
gabx@poppy➤➤ ~ % su
zsh: permission denied: su
gabx@poppy➤➤ ~ % sudo -i
[sudo] password for gabx:
root@poppy➤➤ ~ #
zsh: permission denied: su
gabx@poppy➤➤ ~ % sudo -i
[sudo] password for gabx:
root@poppy➤➤ ~ #
-------------------------
Is it the expected behavior? I could run su a few days ago.
Below some info:
----------
# cat /etc/sudoers
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
#includedir /etc/sudoers.d
# cat /etc/sudoers.d/gabx
gabx ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL
# semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ unconfined_u s0-s0:c0.c1023 *
gabx sysadm_u s0-s0:c0.c1023 *
root system_u s0-s0:c0.c1023 *
Login Name SELinux User MLS/MCS Range Service
__default__ unconfined_u s0-s0:c0.c1023 *
gabx sysadm_u s0-s0:c0.c1023 *
root system_u s0-s0:c0.c1023 *
gabx@poppy➤➤ ~ % id -Z
sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
------------------------------------------------
2. On Silverblue desktop, I can't start the system anymore with selinux enforced. I had to edit kernel command line with selinux=0 to boot, then edit selinux config to disable.
How can I debug and solve this issue?
Thank you for help.
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
