I am using Fedora 9 with the MLS policy. I have been
using it in permissive mode for a while (integrating SELinux with a
DBMS and its objects) and now must do some work/testing in enforcing
mode. As soon as I switch to enforcing mode I seem unable to perform
any action which requires privilege.

What is the anticipated method to shut down/reboot the system and to
toggle the enforcing mode while in MLS/Enforcing? What I assumed was to
transition to an appropriate role (sysadm_r and secadm_r respectively)
and then issue the corresponding command (shutdown and setenforce).
This fails and I believe my difficulty is that in both cases I need to
also be the linux root user. There does not seem to be an obvious way
to execute a command as the linux root user as neither su nor sudo seem
available while in the sysadm_r and secadm_r roles. Executing something
like seaudit while in the auditadm_r role fails to allow me to
authenticate as root. Despite being the correct password it
continuously loops asking for the password.

As a related but less important question, in general, is it intended
that a user initially have the staff_r role upon login and then
transition to a more trusted role (i.e., secadm_r) using the newrole
command (as opposed to having the secadm_r upon login)?

Thanks for any help,
Andy