... because user_t can't read /bin/su. rawhide-20040304, enforcing=1. Policy has been reloaded a few times.
Policy needs: allow user_t su_exec_t:file { execute getattr }; Now what?
Hmm, not that simple. So far I've needed to add: allow user_t su_exec_t:file { execute execute_no_trans getattr read }; allow user_t user_t:capability { setuid }; Does that sound right?
You need to change your user account to a staff account. Then relabel your home directories. Normal user accounts are not allowed to execute the su command. Dan
Okay -- can you point me in the right direction for doing that? What command is it? Thanks.
That looks like something that should be mentioned in release notes (bug 114398).
That's not really consistent with the minimal policy, though. Whether that's a bug or not, I'm not sure.
User accounts can run su now. Closing.