Switching user should use runuser which is the same as su except it does not run through the pam stack. Meaning if root runs it, the code will work, IE It will change the user for you.
That's easy enough to do. Can you provide the reasoning behind the request? I see in the man page written by you: "As runuser doesn't run auth and account PAM hooks, it runs with lower overhead than su." That seems like a dubious reason given that it runs only daily. Are there other reasons? (I'm happy to hear "consistency in Fedora" or similar if that's the case). It looks like a simple replacement of "su" below with "runuser" should work: su -s /bin/sh -c \ "nice polipo -x -c $CONFIG_FILE forbiddenFile=$FORBIDDEN_FILE > /dev/null" \ polipo can you confirm that would be correct?
No the reason we built runuser many years ago was to stop random AVC messages caused by the pam stack. For example you are running through lots of pam code for a confined domain that probably does not need it, since all you really need is to change the user. Examples of bogus SELinux errors are, getattr on fprint device or smartcard devices.
polipo-1.0.4.1-9.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/polipo-1.0.4.1-9.fc18
Package polipo-1.0.4.1-9.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing polipo-1.0.4.1-9.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19595/polipo-1.0.4.1-9.fc18 then log in and leave karma (feedback).
polipo-1.0.4.1-9.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.