On Wed, 2006-08-09 at 15:41 -0400, Stephen Smalley wrote:
On Wed, 2006-08-09 at 18:28 +0100, Paul Howarth wrote:
> Supposing I just remove the pam_selinux from /etc/pam.d/su altogether?
> Is that likely to break anything? Any other way of persuading an FC2
> system that SELinux is disabled?
Removing it should be fine (and has already happened in FC5). I'm not
clear on the cause though - pam_selinux returns immediately with
PAM_SUCCESS if is_selinux_enabled() returns <= 0.
It got further with that line removed, and now hangs when trying to run
rpm as the user "mockbuild" that was added by "useradd". This appears
to
be the first chroot command that's not running as root. It's not obvious
to me what it's waiting for.
Mock root log, with straces of all chroot commands attached.
Paul.