su, context(selinux?) 2nd prompt
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 25 17:06:54 UTC 2006
Rex Dieter wrote:
> Daniel J Walsh wrote:
>
>
>
>>>> On Mon, 23 Jan 2006, Rex Dieter wrote:
>>>>
>>>>
>>>>
>>>>> With a recent update of CentOS4, su's behavior has changed, in that
>>>>> after
>>>>> prompting for password, also prompts for (selinux?) context. I'm
>>>>> seeing something like:
>>>>> $ su
>>>>> Password:
>>>>> Your default context is root:system_r:unconfined_t.
>>>>>
>>>>> Do you want to choose a different one? [n]
>>>>>
>>>>>
>>>>> kde's kdesu barfs on this second prompt. Any way to disable this
>>>>> second prompt?
>>>>>
>
>
>> Remove multiple from the pam file.
>>
>
> editing /etc/pam.d/su, changing
> session required /lib/security/$ISA/pam_selinux.so open multiple
> to
> session required /lib/security/$ISA/pam_selinux.so open
>
> Did the trick, thanks Dan!
>
> # rpm -q -f /etc/pam.d/su
> coreutils-5.2.1-31.2
>
>
You can actually remove the pam_selinux.so lines from the su file
altogether. We have done this for FC5 and it works
fine. In strict or MLS Policy you will be required to run newrole but
in targeted everything should just work.
Dan
> A bug in coreutils-5.2.1-31.2 then?
>
> -- Rex
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
More information about the selinux
mailing list