OK, so now I get it a bit; anyway, SELinux is still misconfigured here. I've created a pastebin with my current denials, if you could look at it: http://pastebin.com/uNRcaeUT
and semodule -l prints out:

------
alsa 1.11.0
application 1.2.0
arpwatch 1.10.0
authlogin 2.3.0
automount 1.13.0
bootloader 1.13.0
cgroup 1.1.0
clock 1.6.0
consolekit 1.8.0
consoletype 1.10.0
courier 1.12.0
cpufreqselector 1.3.0
cron 2.4.0
daemontools 1.2.0
dbus 1.16.0
dhcp 1.9.0
dmesg 1.3.0
dnsmasq 1.9.0
fstools 1.15.0
getty 1.9.0
gnome 2.2.0
gpg 2.5.0
gpm 1.8.0
hostname 1.7.0
hotplug 1.15.0
init 1.18.0
iptables 1.13.0
java 2.5.0
libraries 2.8.0
locallogin 1.11.0
logging 1.18.0
logrotate 1.14.0
lvm 1.13.0
miscfiles 1.9.0
modutils 1.12.0
mono 1.8.0
mount 1.14.0
mozilla 2.5.0
mplayer 2.4.0
mta 2.4.0
netutils 1.11.0
networkmanager 1.14.0
nscd 1.10.0
openvpn 1.11.0
policykit 1.2.0
portage 1.12.0
privoxy 1.11.0
psad 1.0.0
qemu 1.6.0
qmail 1.5.0
raid 1.11.0
rsync 1.11.0
samba 1.14.0
screen 2.5.0
selinuxutil 1.16.0
ssh 2.3.0
staff 2.3.0
storage 1.10.0
su 1.12.0
sudo 1.9.0
sysadm 2.4.0
sysnetwork 1.13.0
thunderbird 2.3.0
tor 1.8.0
ucspitcp 1.3.0
udev 1.14.0
ulogd 1.2.0
unconfined 3.4.0
unprivuser 2.3.0
userdomain 4.7.0
usermanage 1.17.0
virt 1.4.0
wine 1.10.0
wireshark 2.3.0
xdg 1.0.0
xfs 1.6.0
xscreensaver 1.1.0
xserver 3.7.0
------

thanks
Ivan

On Sun, Jul 22, 2012 at 6:07 PM, Sven Vermeulen <[email protected]> wrote:

> On Sun, Jul 22, 2012 at 01:55:08PM +0200, Ivan Gooten wrote:
> [...]
> > which results in console for user root context like
> > "root:sysadm_r:sysadm_t",
>
> That's good.
>
> > whereas in X11 terminal, (after switching from ivan user to root by su -)
> > -> "staff_u:staff_r:staff_t".
>
> That's almost good ;-)
>
> > I understand that in X11 term I'll have to "newrole -r sysadm_r" for root
> > every time, when I will want to administrate the system?
>
> Yes, you need to switch roles (first switch roles, then use su(do)) every
> time you need to do administrative changes (or queries) on the system. The
> staff_r role is for regular operations (user) whereas sysadm_r is for system
> administration.
>
> > And what about the context's difference between root (root:...) logged from
> > console and root (staff_u:...) logged via x11 terminal - is that wrong?
>
> No, that's not wrong. If you log on directly as root, then your SELinux user
> (the first part in the context) is "root". If you log on as someone else,
> you get that SELinux user (such as "staff_u") which remains throughout your
> session (SELinux users don't change, even when you do "su").
>
> Wkr,
> Sven Vermeulen
