On 07/10/2014 10:23 AM, Dominick Grift wrote: > On Thu, 2014-07-10 at 10:11 -0400, Stephen Smalley wrote: > >> Is the classorder bug? >> $ su <hangs forever> >> $ dmesg >> systemd[1]: SELinux policy denies access. >> > > Is that with handle-unknown set to deny? > > if so then this is due to a missing av permission for the system class > in the fedora policy > > Else it may be indeed related to classorder but i think its the former No, this is a stock system, so semanage.conf has the defaults, i.e. no expand-check and no handle-unknown. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
