On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
We have an selinux user specialuser_u defined. The outputs of the
semanage command are as seen below
semanager user –l
admin_u user s0 SystemLow-SystemHigh
system_r sysadm_r
guest_u guest s0 s0 guest_r
remotesupport_u user s0 SystemLow-SystemHigh
system_r sysadm_r
root sysadm s0 SystemLow-SystemHigh
system_r sysadm_r
specialuser_u user s0 s0
system_r sysadm_r
staff_u staff s0 SystemLow-SystemHigh
sysadm_r staff_r
sysadm_u sysadm s0 SystemLow-SystemHigh
sysadm_r
system_u user s0 SystemLow-SystemHigh
system_r
Now, we see the following in our log files
pam_selinux(sshd:session): Error! Unable to set executable context
€‡\ ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€×ª_ialuser_u:sysadm_r:sysadm_t:s0.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context
€gb ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context €
³_ialuser_u:sysadm_r:sysadm_t:s0.
/etc/pam.d/sshd looks as follows
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session required pam_selinux.so
Could anyone help us with why we are seeing these error messages and why
the specialuser_u is corrupted with control chars?
Sounds like a memory corruption bug in pam_selinux. Bugzilla?