Is "policycoreutils 2.0.19 or later" available as a Red Hat rpm or do I
need to download this from another source? It's much easier for me to
get approval to download directly from Red Hat then from other sources
but it looks like 1.33.12 is the current version from Red Hat.
-----Original Message-----
From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
Sent: Tuesday, October 16, 2007 4:56 AM
To: Clarkson, Mike R (US SSA)
Cc: selinux(a)tycho.nsa.gov; Joshua Brindle
Subject: Re: newrole authentication
On Mon, 2007-10-15 at 16:12 -0700, Clarkson, Mike R (US SSA) wrote:
> Will someone point me to information or send me an example on how to
set
> up newrole so that is does not ask for a password, so that it
can by
> used like this within software "newrole -l s1 -- -c <cmd>"?
You need policycoreutils 2.0.19 or later, or you need to back port
that
change to whatever newrole you have.
See:
http://marc.info/?t=117769973100008&r=1&w=2
http://marc.info/?l=selinux&m=117865153827263&w=2
Then you can set up a /etc/selinux/newrole_pam.conf file with e.g.:
/path/to/cmd newrole-noauth
and you can set up a /etc/pam.d/newrole-noauth file with pam_permit.so
as the auth module.
--
Stephen Smalley
National Security Agency