Thanks. That seems to help quite a bit. I now get some messages. For example it seems that newrole wants to read /etc/shadow directly.
Will check those messages and play around with the policy.

On Tuesday 05 August 2008 22:17:19 Xavier Toth wrote:
> On Tue, Aug 5, 2008 at 8:55 AM, Dennis Wronka <linuxweb@xxxxxxx> wrote:
> > Hi folks,
> >
> > I'd like to ask about a problem I am experiencing with newrole.
> > When I use newrole in permissive-mode I have no problems changing the
> > role. Also I don't get any audit-messages.
> > But when I switch to enforcing-mode I cannot use newrole, it keeps
> > telling me "incorrect password for root", although it clearly is correct.
> > I suspect a problem in interaction between newrole and unix_chkpwd, but
> > am not entirely sure about it.
> >
> > Problem is that I don't get any audits from SELinux, only errors in
> > auth.log from unix_chkpwd:
> > check_pass; user unknown
> > password check failer for user (root)
> >
> > I am working with the latest reference-policy, adjusted here and there to
> > fit the needs of my distro.
> >
> > Thanks for any suggestions.
> >
> > Dennis
>
> You can try using `semodule -DB` to turn off the dontaudits and see if
> you get any AVCs then.
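The workflow suggested in this thread, as an added example that is not part of the original messages: rebuild the policy without dontaudit rules, reproduce the failure, and collapse the resulting AVC denials into one line per source type, target type, class and permission set. The function names and the sample records are constructed for illustration, and the live path assumes auditd is running so that `ausearch` can see the denials.

```shell
#!/bin/sh
# Added example: summarize_avc, collect_hidden_denials and sample_log are hypothetical names.

# Collapse AVC denials on stdin into "count comm: source_t -> target_t:class { perms }".
# Optional $1 limits output to one command name, e.g. newrole.
summarize_avc() {
    awk -v want="$1" '
    /avc:/ && /denied/ {
        perms = $0
        sub(/^[^{]*[{] */, "", perms)   # drop everything up to the opening brace
        sub(/ *[}].*$/, "", perms)      # drop the closing brace and the rest
        comm = src = tgt = cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }   # user:role:type[:level]
            if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        if (want != "" && comm != want) next
        print comm ": " src " -> " tgt ":" cls " { " perms " }"
    }' | sort | uniq -c | sed 's/^ *//'
}

# Run as root on a host where auditd is logging (assumption): expose denials hidden
# by dontaudit rules, summarize them, then put the dontaudit rules back.
collect_hidden_denials() {
    semodule -DB || return 1                 # rebuild policy without dontaudit rules
    printf 'Reproduce the failure (e.g. run newrole), then press Enter: ' >&2
    read -r _reply
    ausearch -m avc -ts recent | summarize_avc "$1"
    semodule -B                              # rebuild again; dontaudit rules return
}

# Constructed sample records, not taken from the thread.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1217945839.101:41): avc:  denied  { read } for  pid=2345 comm="newrole" name="shadow" dev=sda1 ino=4711 scontext=root:sysadm_r:newrole_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1217945839.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="newrole"
type=AVC msg=audit(1217945851.220:44): avc:  denied  { read } for  pid=2351 comm="newrole" name="shadow" dev=sda1 ino=4711 scontext=root:sysadm_r:newrole_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1217945851.300:45): avc:  denied  { search } for  pid=2352 comm="unix_chkpwd" name="etc" dev=sda1 ino=12 scontext=root:sysadm_r:chkpwd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1217945860.007:52): avc:  denied  { getattr } for  pid=900 comm="sshd" name="motd" dev=sda1 ino=99 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF
}
```

After sourcing the file, `sample_log | summarize_avc newrole` shows the summary format offline; on a live system, `collect_hidden_denials newrole` runs the whole sequence and leaves the policy rebuilt with dontaudit rules enabled again.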