Stephen Smalley wrote:
On 03/07/2018 03:18 PM, m.roth(a)5-cent.us wrote:
> CentOS 7.4
>
> From sealert:
> SELinux is preventing /usr/sbin/sshd from read access on the file
> /etc/ssh/moduli.
>
> ***** Plugin restorecon (94.8 confidence) suggests
> ************************
>
> If you want to fix the label.
> /etc/ssh/moduli default label should be etc_t.
> Then you can run restorecon.
> Do
> # /sbin/restorecon -v /etc/ssh/moduli
> <...>
> Additional Information:
> Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023
> Target Context system_u:object_r:unlabeled_t:s0
> Target Objects /etc/ssh/moduli [ file ]
> Source sshd
> Source Path /usr/sbin/sshd
> ---------
>
> Except:
> ls -laFZ /etc/ssh/moduli
> -rw-r--r--. root root system:object_r:etc_t:s0 /etc/ssh/moduli
NB: You have "system" rather than "system_u" above, unless that's
a typo.
Which would be an invalid user identity, and thus an invalid security
context, and therefore mapped to the unlabeled context at runtime.
Is it wrong in your file_contexts configuration?
If not, then restorecon -F -v /etc/ssh/moduli should fix (by default,
restorecon doesn't touch user identity since it reflects creator and can
vary).
Thank you, Stephen. As I see it was happening at least once every half
hour, and it hasn't happened since I fixed that, it looks like that was
the answer.
mark
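
The diagnosis in this thread can be turned into a check. The following is an added example, not code from the thread or from any SELinux project: it flags files whose on-disk context names an SELinux user that the policy does not define. The function name, the list of valid users and the sample input are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag files whose on-disk SELinux context names a user
# that the loaded policy does not define. Such a context is invalid and
# is treated as unlabeled_t at runtime, and plain restorecon leaves the
# user field alone, so -F is needed.

# Constructed list of policy users; on a real host take it from the
# loaded policy (for example the output of `seinfo -u`).
VALID_USERS="system_u unconfined_u user_u staff_u sysadm_u guest_u xguest_u root"

# Reads "context path" lines (the format of `stat -c '%C %n' FILE...`)
# on stdin and prints the path of every file whose user field is not
# in the space-separated list given as $1.
find_invalid_users() {
    valid=" $1 "
    while read -r context path; do
        [ -n "$context" ] || continue
        user=${context%%:*}          # text before the first ':'
        case "$valid" in
            *" $user "*) ;;          # user is defined in the policy
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed sample input; the second line reproduces the context
# shown by ls -Z in the thread.
SAMPLE='system_u:object_r:etc_t:s0 /etc/ssh/sshd_config
system:object_r:etc_t:s0 /etc/ssh/moduli
system_u:object_r:sshd_key_t:s0 /etc/ssh/ssh_host_rsa_key'

check_sample() {
    printf '%s\n' "$SAMPLE" | find_invalid_users "$VALID_USERS"
}

# Print the relabel command from the thread for each hit; nothing is run.
check_sample | while read -r path; do
    printf 'restorecon -F -v %s\n' "$path"
done
```

On a live system the input would come from something like `find /etc/ssh -xdev -exec stat -c '%C %n' {} +` instead of the embedded sample.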