On Sat, 21 Jan 2017 18:04:51 +0000 Robert Sharp <seli...@sharp.homelinux.org> wrote:
> type=AVC msg=audit(1485020695.038:10368): avc: denied
> { create } for pid=20374 comm="su"
> scontext=staff_u:sysadm_r:sysadm_su_t tcontext=root:sysadm_r:sysadm_t
> tclass=key permissive=1

I haven't looked at this in detail, so please forgive me if my answer is utter nonsense: Have you considered that this denial might be caused by UBAC (that's the fancy name for the restrictions refpolicy places upon interactions between different selinux users, staff_u and root in this case)?

Anyway, personally I've never tried making su work with SELinux. "sudo -r sysadm_r -t sysadm_t" works like a charm.

Regards,
Luis Ressel
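
A quick triage for the UBAC question raised above, as an added example that is not part of the original message or of refpolicy: it parses AVC records and flags denials where the SELinux user in scontext differs from the one in tcontext. It assumes refpolicy's UBAC constraint passes when the users match or either side is system_u; whether both types actually carry the ubac_constrained_type attribute must still be checked against the loaded policy. The function names and the second and third log lines are constructed for illustration.

```python
import re

# Constructed sample input: the denial quoted above as a single audit.log line,
# followed by two made-up records for contrast.
SAMPLE_LOG = [
    'type=AVC msg=audit(1485020695.038:10368): avc: denied { create } for pid=20374 comm="su" scontext=staff_u:sysadm_r:sysadm_su_t tcontext=root:sysadm_r:sysadm_t tclass=key permissive=1',
    'type=AVC msg=audit(1485020701.100:10370): avc: denied { read } for pid=20380 comm="cat" scontext=staff_u:staff_r:staff_t tcontext=staff_u:object_r:user_home_t tclass=file permissive=1',
    'type=AVC msg=audit(1485020702.200:10371): avc: denied { write } for pid=20381 comm="logger" scontext=staff_u:staff_r:staff_t tcontext=system_u:object_r:var_log_t tclass=file permissive=1',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['perms'] = rec['perms'].split()
    # A context is user:role:type[:mls-range]; only the first three fields matter here.
    src, tgt = rec['scontext'].split(':'), rec['tcontext'].split(':')
    if len(src) < 3 or len(tgt) < 3:
        return None
    rec['suser'], rec['stype'] = src[0], src[2]
    rec['tuser'], rec['ttype'] = tgt[0], tgt[2]
    return rec

def ubac_candidate(rec):
    """Heuristic (assumption, see lead-in): users differ and neither is system_u."""
    users = {rec['suser'], rec['tuser']}
    return len(users) == 2 and 'system_u' not in users

def triage(lines):
    """Return the parsed denials that are worth checking against UBAC constraints."""
    parsed = (parse_avc(line) for line in lines)
    return [rec for rec in parsed if rec and ubac_candidate(rec)]

if __name__ == '__main__':
    for rec in triage(SAMPLE_LOG):
        print(f"{rec['suser']} -> {rec['tuser']} {rec['tclass']} {rec['perms']}: "
              f"check {rec['stype']} and {rec['ttype']} for ubac_constrained_type")
```
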