[CentOS] /bin/su wont work inside a chroot?

Mon Aug 2 00:31:11 UTC 2010
Gordon Messmer <yinyang at eburg.com>

On 08/01/2010 08:01 AM, Jason Pyeron wrote:
> So my hack will not work either...
> [root at devserver21 ~]# echo 0>/selinux/enforce
> [root at devserver21 ~]# chroot /var/mnt/192.168.1.52
> [root at devserver21 /]# passwd apache
> passwd: user_u:system_r:initrc_t is not authorized to change the password of
> apache

How'd you end up in that context?  Did you boot to single-user mode?

I only have CentOS 5 on which to test.  On the host, root normally logs 
in to an unconfined domain:

# id
uid=0(root) gid=0(root) 
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) 
context=user_u:system_r:unconfined_t

If I chroot, I'm still unconfined:

# chroot /var/lib/mock/centos-5-x86_64/root/
bash-3.2# id
uid=0(root) gid=0(root) 
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) 
context=user_u:system_r:unconfined_t:s0

... and why you'd be getting SELinux warnings after disabling enforcing 
mode is odd, too.  What to "getenforce" and "setenforce permissive" tell 
you?  Is /selinux actually a mounted filesystem?