I'm seeing these SELinux messages, and have been trying to learn how to
config SELinux to allow the script to sudo.  CLI works fine with sudo.

"SELinux is preventing /bin/bash "execute" access on /usr/bin/sudo."
"SELinux is preventing /bin/bash "getattr" access on /usr/bin/sudo."

It seems I must create a "local policy module".  Anyone know this stuff and
can confirm?  I've been Googling up a storm looking for others that have
already done this but have not found anything.  I found the
/usr/share/selinux/ dir structure with some existing ones, but nothing with
sudo in the name.  Will need to figure out how to create it.

I also tried setting the -r (role) and -t (type) arguments to the sudo
command before embarking on a policy module.  So I'm not sure if that should
work on its own (maybe using incorrect values or something) or selinux needs
config with or without the sudo args too?

Or is there a better way to invoke a privileged command as non-root user
than sudo?

----------------

You can create a local selinux module by using audit2allow as root.

1) grep "sudo" /var/log/audit/audit.log | audit2allow -M sudobashfix
2) semodule -i sudobashfix.pp

Regards,

Dan
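
----------------

Added example, not part of Dan's reply: grep "sudo" in step 1 matches any
audit record that mentions sudo, so the module can grant more than the two
denials quoted above. This script lists the access each matching denial would
turn into, run on constructed sample records (the source type myscript_t is
hypothetical), so the list can be checked before step 2.

```shell
#!/bin/sh
# Added example. Sample records are constructed; myscript_t and every
# pid, inode and timestamp below are hypothetical.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1276100000.101:501): avc:  denied  { getattr } for  pid=4242 comm="bash" path="/usr/bin/sudo" dev=dm-0 ino=1001 scontext=system_u:system_r:myscript_t:s0 tcontext=system_u:object_r:sudo_exec_t:s0 tclass=file
type=AVC msg=audit(1276100000.102:502): avc:  denied  { execute } for  pid=4242 comm="bash" name="sudo" dev=dm-0 ino=1001 scontext=system_u:system_r:myscript_t:s0 tcontext=system_u:object_r:sudo_exec_t:s0 tclass=file
type=AVC msg=audit(1276100000.103:503): avc:  denied  { read open } for  pid=4300 comm="sudo" name="shadow" dev=dm-0 ino=2002 scontext=system_u:system_r:myscript_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1276100000.103:503): arch=c000003e syscall=2 success=no comm="sudo" exe="/usr/bin/sudo"
EOF
}

# Read audit.log lines on stdin; print "source target class permission",
# one line per unique denied permission. Non-AVC records are ignored.
summarize_avc() {
    grep -E 'avc: +denied' | awk '{
        perms = ""; src = ""; tgt = ""; cls = ""; inbrace = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace) { perms = perms (perms ? " " : "") $i; continue }
            # The SELinux type is the third colon-separated part of a context.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) print src, tgt, cls, p[j]
    }' | LC_ALL=C sort -u
}

# Keep only rules whose target type is not the one you meant to allow.
outside_target() {
    awk -v ok="$1" '$2 != ok'
}

# Same filter as step 1, then the review of what it would allow.
sample_log | grep sudo | summarize_avc
echo "--- not aimed at sudo_exec_t:"
sample_log | grep sudo | summarize_avc | outside_target sudo_exec_t
```

audit2allow -M also writes sudobashfix.te next to the .pp; reading that file
before running semodule -i shows the same rules in policy syntax.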