Because the single-user shell is running as system_r, not as sysadm_r, many things (including su, sudo and mail) fail to work (avc messages below). It seems that running an interactive shell as system_r is wrong in the first place, and it should be sysadm_r instead.

audit(1082188457.323:0): security_compute_sid: invalid context system_u:system_r:sysadm_mail_t for scontext=system_u:system_r:sysadm_t tcontext=system_u:object_r:sendmail_exec_t tclass=process
audit(1082188479.788:0): security_compute_sid: invalid context system_u:system_r:newrole_t for scontext=system_u:system_r:sysadm_t tcontext=system_u:object_r:newrole_exec_t tclass=process
audit(1082188495.235:0): security_compute_sid: invalid context system_u:system_r:sysadm_sudo_t for scontext=system_u:system_r:sysadm_t tcontext=system_u:object_r:sudo_exec_t tclass=process
audit(1082189175.512:0): security_compute_sid: invalid context system_u:system_r:sysadm_chkpwd_t for scontext=system_u:system_r:sysadm_su_t tcontext=system_u:object_r:chkpwd_exec_t tclass=process
This is a policy bug. Is this strict or targeted policy?
Also, does it still occur - this *looks* to be fixed in the current strict policy.
> Is this strict or targeted policy?
This was before the policy was split.
> Also, does it still occur
I am still running FC2, so I do not know.
I am marking this as fixed in Rawhide.
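An added example, not part of the original thread or of any SELinux tool: a small Python parser for the security_compute_sid "invalid context" lines quoted in the report, which counts the rejected role/type pairs so the shared pattern (each computed context keeps the role system_r while taking a sysadm-derived or newrole type) is easy to see. The function names are this example's own; the log text is copied from the report.

```python
import re
from collections import Counter

# The four audit lines quoted in the report at the top of this thread.
LOG = """\
audit(1082188457.323:0): security_compute_sid: invalid context system_u:system_r:sysadm_mail_t for scontext=system_u:system_r:sysadm_t tcontext=system_u:object_r:sendmail_exec_t tclass=process
audit(1082188479.788:0): security_compute_sid: invalid context system_u:system_r:newrole_t for scontext=system_u:system_r:sysadm_t tcontext=system_u:object_r:newrole_exec_t tclass=process
audit(1082188495.235:0): security_compute_sid: invalid context system_u:system_r:sysadm_sudo_t for scontext=system_u:system_r:sysadm_t tcontext=system_u:object_r:sudo_exec_t tclass=process
audit(1082189175.512:0): security_compute_sid: invalid context system_u:system_r:sysadm_chkpwd_t for scontext=system_u:system_r:sysadm_su_t tcontext=system_u:object_r:chkpwd_exec_t tclass=process
"""

PATTERN = re.compile(
    r"audit\((?P<ts>[\d.]+):\d+\): security_compute_sid: invalid context "
    r"(?P<new>\S+) for scontext=(?P<src>\S+) tcontext=(?P<tgt>\S+) "
    r"tclass=(?P<tclass>\S+)"
)


def split_context(ctx):
    """Split a user:role:type context (no MLS range in these lines)."""
    user, role, type_ = ctx.split(":")[:3]
    return {"user": user, "role": role, "type": type_}


def parse(log):
    """Return one record per 'invalid context' line; other lines are skipped."""
    records = []
    for line in log.splitlines():
        m = PATTERN.search(line)
        if m is None:
            continue
        records.append({
            "timestamp": float(m["ts"]),
            "new": split_context(m["new"]),        # context the kernel computed
            "source": split_context(m["src"]),     # domain that ran the program
            "target": split_context(m["tgt"]),     # label of the executed file
            "tclass": m["tclass"],
        })
    return records


def rejected_pairs(records):
    """Count the (role, type) pairs of the contexts the policy rejected."""
    return Counter((r["new"]["role"], r["new"]["type"]) for r in records)


if __name__ == "__main__":
    for (role, type_), n in sorted(rejected_pairs(parse(LOG)).items()):
        print(f"{n}x rejected: role={role} type={type_}")
```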