|Main Archive Page > Month Archives > selinux archives|
Perhaps you could install (when still in permissive mode) a custom module containing the rules generated by audit2allow.
cat /var/log/audit/audit.log | audit2allow -m local > local.te
eventually edit local.te to suit your needs and then do:
checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod semodule -i local.pp
In your particular case, I see that you cannot do "ls" from su because of some of the user_su_t denials and you cannot get a new login because of the getty_t and sysadm_t denials and perhaps others.
Guido -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to email@example.com with the words "unsubscribe selinux" without quotes as the message.