Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 119320

Summary: su invalidly prompts for security context
Product: [Fedora] Fedora Reporter: Gene Czarcinski <gczarcinski>
Component: pamAssignee: Tomas Mraz <tmraz>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: dwalsh, gavindscott
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-12-27 15:01:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 122683    

Description Gene Czarcinski 2004-03-29 14:25:06 UTC 
Description of problem:
I have two regular (non root) users defined and an admin user too.  I
am loged in as the admin user.  If I try to su to the regular user
   su - genec
I am prompted to see if I want to change the security context (defualt
=y) but nothing entered seems to work.  There are no alternate
contexts defined for this user.

If I use ssh to try and login from another system .. I get in, no prompts.

Per Dan Walsh:

"The ssh behavior is currect.  The only time you should get prompted
for security contexts is if the user has the ability to have more than
one security context."
Comment 1 Gavin Scott 2004-04-01 19:18:01 UTC 
I had a similar problem, but perhaps worse (you don't mention whether
you were able to log in directly as the two regular users).  

This was immediately after a fresh install of Core2 Test2 onto a clean
partition.  After doing the cd install (with permissive selinux chosen
from the firewall screen) and rebooting, during "first boot"
initialization gui dialogs I set up a new user account.  However when
I went to log in as that user I was unable to.  Investigation revealed
the user hadn't been created.  No entry in /etc/passwd, no directory
in /home.

So I logged in as root and used the gui User admin tool to create the
new user.  This time the user was created.

On trying to log in as that user I would get:

via gdm: popup saying something like "executable context not allowed",
click ok bombs me back to gdm.

via console: same message you received (change security context, tried
entering user_r/user_t, which wasn't accepted).

via su (from root): same security context message

didn't try ssh.

Running:

fixfiles relabel
reboot

fixed things for me.
Comment 2 Tomas Mraz 2004-11-16 18:41:18 UTC 
Please try with latest Fedora Core.
Comment 3 Tomas Mraz 2004-12-27 15:01:21 UTC 
I don't see such problems with FC3 and targeted selinux policy.