Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 119320 - su invalidly prompts for security context
Summary: su invalidly prompts for security context
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 122683
TreeView+ depends on / blocked
 
Reported: 2004-03-29 14:25 UTC by Gene Czarcinski
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-12-27 15:01:21 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Gene Czarcinski 2004-03-29 14:25:06 UTC 
Description of problem:
I have two regular (non root) users defined and an admin user too.  I
am loged in as the admin user.  If I try to su to the regular user
   su - genec
I am prompted to see if I want to change the security context (defualt
=y) but nothing entered seems to work.  There are no alternate
contexts defined for this user.

If I use ssh to try and login from another system .. I get in, no prompts.

Per Dan Walsh:

"The ssh behavior is currect.  The only time you should get prompted
for security contexts is if the user has the ability to have more than
one security context."
Comment 1 Gavin Scott 2004-04-01 19:18:01 UTC 
I had a similar problem, but perhaps worse (you don't mention whether
you were able to log in directly as the two regular users).  

This was immediately after a fresh install of Core2 Test2 onto a clean
partition.  After doing the cd install (with permissive selinux chosen
from the firewall screen) and rebooting, during "first boot"
initialization gui dialogs I set up a new user account.  However when
I went to log in as that user I was unable to.  Investigation revealed
the user hadn't been created.  No entry in /etc/passwd, no directory
in /home.

So I logged in as root and used the gui User admin tool to create the
new user.  This time the user was created.

On trying to log in as that user I would get:

via gdm: popup saying something like "executable context not allowed",
click ok bombs me back to gdm.

via console: same message you received (change security context, tried
entering user_r/user_t, which wasn't accepted).

via su (from root): same security context message

didn't try ssh.

Running:

fixfiles relabel
reboot

fixed things for me.
Comment 2 Tomas Mraz 2004-11-16 18:41:18 UTC 
Please try with latest Fedora Core.
Comment 3 Tomas Mraz 2004-12-27 15:01:21 UTC 
I don't see such problems with FC3 and targeted selinux policy.
Note You need to log in before you can comment on or make changes to this bug.