Re: [Non-DoD Source] An selinux issue
On 03/07/2018 03:18 PM, m.roth(a)5-cent.us wrote:
CentUS 7.4
From sealert:
SELinux is preventing /usr/sbin/sshd from read access on the file
/etc/ssh/moduli.
***** Plugin restorecon (94.8 confidence) suggests
************************
If you want to fix the label.
/etc/ssh/moduli default label should be etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/ssh/moduli
<...>
Additional Information:
Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context system_u:object_r:unlabeled_t:s0
Target Objects /etc/ssh/moduli [ file ]
Source sshd
Source Path /usr/sbin/sshd
---------
Except:
ls -laFZ /etc/ssh/moduli
-rw-r--r--. root root system:object_r:etc_t:s0 /etc/ssh/moduli
NB: You have "system" rather than "system_u" above, unless that's
a typo. Which would be an invalid user identity, and thus an invalid security context,
and therefore mapped to the unlabeled context at runtime.
Is it wrong in your file_contexts configuration?
If not, then restorecon -F -v /etc/ssh/moduli should fix (by default, restorecon
doesn't touch user identity since it reflects creator and can vary).
ls -laFZ /usr/sbin/sshd
-rwxr-xr-x. root root system_u:object_r:sshd_exec_t:s0 /usr/sbin/sshd*
And I even restarted sshd. So, what's selinux seeing that I'm not?
mark
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org