>> > Does this work in permissive mode?

Actually, no, it doesn't, but I think I found the problem. I was assuming all I needed at the end of newrole was --, but the man page says to use "-- -c", which does seem to be working now. Turning enforcing back on:

[test@kvm001 ~]$ sudo /usr/bin/audit.sh echo "hi there"
Password:
hi there

So, that seems to be good, but it's still asking for the password for the selinux user. Is pam_rootok not doing what it's supposed to?