On Tue, Aug 5, 2008 at 8:55 AM, Dennis Wronka <linuxweb@gmx.net> wrote:
> Hi folks,
>
> I'd like to ask about a problem I am experiencing with newrole.
> When I use newrole in permissive-mode I have no problems changing the role.
> Also I don't get any audit-messages.
> But when I switch to enforcing-mode I cannot use newrole, it keeps telling
> me "incorrect password for root", although it clearly is correct.
> I suspect a problem in interaction between newrole and unix_chkpwd, but am not
> entirely sure about it.
>
> Problem is that I don't get any audits from SELinux, only errors in auth.log
> from unix_chkpwd:
> check_pass; user unknown
> password check failer for user (root)
>
> I am working with the latest reference-policy, adjusted here and there to fit
> the needs of my distro.
>
> Thanks for any suggestions.
>
> Dennis
>

You can try using `semodule -DB` to turn off the dontaudits and see if you get any AVCs then.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.