Description of problem: coreutils = 5.2.1-5, policy = 1.20.2-5 Login as sysadm_r user (not root). do "su -" and don't change role, OK do "su -" and attempt to change role to sysadm_r (select 1), OK do "su -" and attempt to change role to staff_r (select 2), get "broken pipe" and su does not occur. From /var/log/messages: Apr 11 16:28:08 hummer kernel: audit(1081715288.555:0): avc: denied { read } for pid=8838 exe=/usr/X11R6/bin/xauth name=.xauthYM28H1 dev=hda10 ino=65574 scontext=root:staff_r:staff_t tcontext=czarcing:object_r:staff_home_dir_t tclass=file I was going to file this against coreutils but it looks more like policy now.
BTW, if I "su -" and do not change the role but then do newrole -r staff_r It works. .... Maybe this is su (coreutils) afterall??
Fixed in latest policy. policy-1.11.2-17