Is "policycoreutils 2.0.19 or later" available as a Red Hat rpm or do I need to download this from another source? It's much easier for me to get approval to download directly from Red Hat then from other sources but it looks like 1.33.12 is the current version from Red Hat.
-----Original Message----- From: Stephen Smalley [mailto:sds@tycho.nsa.gov] Sent: Tuesday, October 16, 2007 4:56 AM To: Clarkson, Mike R (US SSA) Cc: selinux@tycho.nsa.gov; Joshua Brindle Subject: Re: newrole authentication
On Mon, 2007-10-15 at 16:12 -0700, Clarkson, Mike R (US SSA) wrote:
Will someone point me to information or send me an example on how to
set
up newrole so that is does not ask for a password, so that it can by used like this within software "newrole -l s1 -- -c <cmd>"?
You need policycoreutils 2.0.19 or later, or you need to back port
that
change to whatever newrole you have.
See: http://marc.info/?t=117769973100008&r=1&w=2 http://marc.info/?l=selinux&m=117865153827263&w=2
Then you can set up a /etc/selinux/newrole_pam.conf file with e.g.: /path/to/cmd newrole-noauth and you can set up a /etc/pam.d/newrole-noauth file with pam_permit.so as the auth module.
-- Stephen Smalley National Security Agency
selinux@lists.fedoraproject.org