On 07/10/2014 10:25 AM, Stephen Smalley wrote: > On 07/10/2014 10:23 AM, Dominick Grift wrote: >> On Thu, 2014-07-10 at 10:11 -0400, Stephen Smalley wrote: >> >>> Is the classorder bug? >>> $ su <hangs forever> >>> $ dmesg >>> systemd[1]: SELinux policy denies access. >>> >> >> Is that with handle-unknown set to deny? >> >> if so then this is due to a missing av permission for the system class >> in the fedora policy >> >> Else it may be indeed related to classorder but i think its the former > > No, this is a stock system, so semanage.conf has the defaults, i.e. no > expand-check and no handle-unknown. Hmmm...but rebooting "cleared" it and now I can su without delay and no systemd error message. Merged #next to #integration locally to try to pick up the improved error reporting on unknown class/perms but can't reproduce it now... _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
