{Solved} FC[5|6] strict policy and root
David Nedrow
dnedrow at usa.net
Tue Oct 24 20:59:47 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Oct 24, 2006, at 2:42 PM, Stephen Smalley wrote:
> On Tue, 2006-10-24 at 14:17 -0400, David Nedrow wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Has anyone successfully switched from targeted to strict policies
>> under either FC5 or FC6?
>>
>> Does anyone have an idea as to what I'm missing?
>>
>> Prior to FC5, I had no problems with the strict policy.
>>
>
> A few observations:
> - root is not necessarily all powerful under SELinux; it depends on
> what
> role/domain he has. What does id show? root often has to first
> newrole
> -r sysadm_r in order to assume administrative privileges under strict
> policy.
>
Aha. That was it.
> To enable other users to assume admin privileges, you will need
> to map them to staff_u using semanage so that they can newrole to
> sysadm_r and then run su or sudo as appropriate.
>
Thanks for the info.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFFPn7EF5XSfHP90EcRAq6nAJ9DjQJletGP4QTgFZ0TPfXVD+J9SQCePJs0
OxWPp/B+YI8R0+/NFZNlpzE=
=I2bz
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list