With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t.
Do you want to choose a different one? [n]
kde's kdesu barfs on this second prompt. Any way to disable this second prompt?
-- Rex
Weird, I'm not seeing this...
On Mon, 23 Jan 2006, Rex Dieter wrote:
With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t.
Do you want to choose a different one? [n]
kde's kdesu barfs on this second prompt. Any way to disable this second prompt?
-- Rex
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Maciej Żenczykowski wrote:
Weird, I'm not seeing this...
Are using an selinux-enabled CentOS 4.2 (or RHEL4U2) box?
-- Rex
On Mon, 23 Jan 2006, Rex Dieter wrote:
With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t.
Do you want to choose a different one? [n]
kde's kdesu barfs on this second prompt. Any way to disable this second prompt?
-- Rex
Weird, I'm not seeing this...
Are using an selinux-enabled CentOS 4.2 (or RHEL4U2) box?
Yes, an up2date Centos 4.2 box with selinux at the default targeted value.
However: $ su - Password: # selinuxenabled; echo $? 0 # getenforce Enforcing # dmesg | grep audit audit: initializing netlink socket (disabled) audit(1137427005.934:1): initialized audit(1137427089.579:2): avc: denied { search } for pid=2250 comm="syslogd" name="spool" dev=dm-2 ino=313610 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:var_spool_t tclass=dir
But I guess it's only enabled for selected daemons... Cheers, MaZe.
Maciej Żenczykowski wrote:
Weird, I'm not seeing this...
Are using an selinux-enabled CentOS 4.2 (or RHEL4U2) box?
Yes, an up2date Centos 4.2 box with selinux at the default targeted value.
However: $ su - Password: # selinuxenabled; echo $? 0 # getenforce Enforcing
Interesting. All our boxes that show this behavior were installed originally CentOS 4.1, and upgraded to 4.2. Further, my personal box is only using selinux in permissive mode (too much breakage), but I still see the second prompt.
-- Rex
-
Jim Perrin -
Maciej Żenczykowski -
Rex Dieter