I recently switched from FC4 targeted (enforcing) to strict (permissive) using selinux-policy-strict-1.27.1-2.16.noarch.rpm.
I did a touch /.autorelabel before rebooting.
I see this:
[bruce@BorgCube ~]$ su -
Password:
Error sending status request (Operation not permitted)
[root@BorgCube ~]#
The last part of the /var/log/audit/audit.log shows:
type=SYSCALL msg=audit(1138247001.111:13162965): arch=40000003
syscall=5 success=yes exit=3 a0=866125b a1=c2 a2=180 a3=3a8083 items=1
pid=8250 auid=4294967295 uid=501 gid=100 euid=0 suid=0 fsuid=0 egid=100
sgid=100 fsgid=100 comm="su" exe="/bin/su"
type=AVC msg=audit(1138247001.111:13162965): avc: denied {
create } for pid=8250 comm="su" name=.xauthVpNVFy
scontext=user_u:user_r:user_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
type=AVC msg=audit(1138247001.111:13162965): avc: denied {
add_name } for pid=8250 comm="su" name=.xauthVpNVFy
scontext=user_u:user_r:user_t tcontext=root:object_r:sysadm_home_dir_t
tclass=dir
type=AVC msg=audit(1138247001.111:13162965): avc: denied {
write } for pid=8250 comm="su" name=root dev=dm-0 ino=11392129
scontext=user_u:user_r:user_t tcontext=root:object_r:sysadm_home_dir_t
tclass=dir
type=SYSCALL msg=audit(1138247001.111:13162967): arch=40000003
syscall=207 success=yes exit=0 a0=3 a1=0 a2=0 a3=0 items=0 pid=8250
auid=4294967295 uid=501 gid=100 euid=0 suid=0 fsuid=0 egid=100 sgid=100
fsgid=100 comm="su" exe="/bin/su"
type=AVC msg=audit(1138247001.111:13162967): avc: denied {
setattr } for pid=8250 comm="su" name=.xauthVpNVFy dev=dm-0
ino=11392172 scontext=user_u:user_r:user_t
tcontext=user_u:object_r:sysadm_home_dir_t tclass=file
type=USER msg=audit(1138247001.325:13165423): user pid=8250 uid=501
auid=4294967295 msg='PAM session open: user=root exe=/bin/su
(hostname=?, addr=?, terminal=pts/2 result=Success)'
Any ideas?
If I change to strict, enforcing, will this prevent me from su to root?
Bruce