Turning selinux back on
Daniel J Walsh
dwalsh at redhat.com
Thu Apr 15 01:06:37 UTC 2004
Brian Bober wrote:
>Daniel J Walsh wrote:
>
>
>>That is strange. The only messages you should see from fixfiles
>>is relabeling tty files.
>>
>>
>
>The following questions will probably display a level of confusion :-)
>
>Do I have to do "newrole sysadm_r" every time I run fixfiles? I was under the
>impression that you only have to do that once, and I did that when I first
>installed Fedora Core 2. The FAQ says that the role switch or whatever is part
>of su. It doesn't say in the FAQ (unless I'm missing it) whether you need to do
>that just the first time or every time. Whenever I login to root (as init 3),
>it says my default context is root:sysadm_r:sysadm_t. This means I have the
>sysadm_r role, right?
>
>
>
Yes, you have the sysadm_r. Newrole is a command to switch from the
staff_r/user_r to the sysadm_r.
If you ssh in as root you will end up in the staff_r and you need to
execute newrole to change to the sysadm_r.
>Also, is there some command like "getrole" or something to tell you what role
>you are as?
>
>
>
id -Z will show you, your current role.
>I also am wondering if it would be helpful for debugging purposes if the avc
>errors could say "denied but ignored" when you have enforcing set to permissive.
>
>
More information about the fedora-test-list
mailing list