Re: issues su/sudo and more

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 30, 2019 at 2:57 PM arnaud gaboury <arnaud.gaboury@xxxxxxxxx> wrote:
I run one Fedora Atomic 30 desktop and one server. I am lfet with two issues on these machines.

1. On server:

---------
gabx@poppy➤➤ ~ % su
zsh: permission denied: su
gabx@poppy➤➤ ~ % sudo -i
[sudo] password for gabx:
root@poppy➤➤ ~ #
-------------------------
Is it the expected behavior? I could run su a few days ago.
Below some info:
----------
# cat /etc/sudoers
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
#includedir /etc/sudoers.d

# cat /etc/sudoers.d/gabx
gabx ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r ALL
# semanage login -l

Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
gabx                 sysadm_u             s0-s0:c0.c1023       *
root                 system_u             s0-s0:c0.c1023       *

gabx@poppy➤➤ ~ % id -Z
sysadm_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
------------------------------------------------

NOTE:
after I fixed some SELinux warnings, I have now the following:

--------------------------
gabx@poppy➤➤ ~ % su -
zsh: segmentation fault  su -
gabx@poppy➤➤ ~ % strace -o /tmp/u su
zsh: segmentation fault (core dumped)  strace -o /tmp/u su
gabx@poppy➤➤ ~ % cat /tmp/u
execve("/usr/bin/su", ["su"], 0x7ffcb9fe7360 /* 29 vars */) = -1 EACCES (Permission denied)
+++ killed by SIGSEGV +++
.................................



2. On Silverblue desktop, I can't start the system anymore with selinux enforced. I had to edit kernel command line with selinux=0 to boot, then edit selinux config to disable.
How can I debug and solve this issue?


Thank you for help.

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux