Chad Hanson wrote:
I think it is related to auditadm_r. If you just change the auditadm role,
you cannot change to levels from SystemLow to SystemHigh either.
Yes, you seem to be right. I can do the SystemHigh -> SystemLow
transition with sysadm_r and secadm_r...
Still, the question stands: should auditadm_r be able to do the High->Low
change?
And the error message is still horribly wrong, and should be filed as a
bug I guess...
Mike
-Chad
-----Original Message-----
From: Michael C Thompson [mailto:[EMAIL PROTECTED]
Sent: Friday, May 12, 2006 12:42 PM
To: [email protected]
Subject: [redhat-lspp] newrole SystemHigh -> newrole SystemLow -- permitted?
Hey all,
Currently, I can't seem to be able to transition to SystemHigh then from
the SystemHigh shell, transition to SystemLow again.
I have done the following:

    newrole -r auditadm_r -l SystemHigh
    <password>
    <new shell>
    newrole -l SystemLow
    <password>
    Error: incorrect password for root

The password used is indeed the correct password. Regardless of this
being an error in the policy, this sounds like a bug for the reporting
of the reason for denial. I imagine it should say something about an
invalid context change, if indeed that is what is happening.
Is the policy supposed to permit an elevation of privileges (in terms of
MLS), and then from that elevated shell, spawn a new lesser privileged
shell?
Mike
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp