-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Oct 24, 2006, at 2:42 PM, Stephen Smalley wrote:
On Tue, 2006-10-24 at 14:17 -0400, David Nedrow wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Has anyone successfully switched from targeted to strict policies under either FC5 or FC6?
Does anyone have an idea as to what I'm missing?
Prior to FC5, I had no problems with the strict policy.
A few observations:
- root is not necessarily all powerful under SELinux; it depends on
what role/domain he has. What does id show? root often has to first newrole -r sysadm_r in order to assume administrative privileges under strict policy.
Aha. That was it.
To enable other users to assume admin privileges, you will need to map them to staff_u using semanage so that they can newrole to sysadm_r and then run su or sudo as appropriate.
Thanks for the info.
David