What I see in the logs is
audit(1080124752.283:0): avc: denied { write } for pid=2885 exe=/usr/bin/ssh-agent path=/home/aleksey/.xsession-errors dev=hda2 ino=310712 scontext=aleksey:staff_r:staff_ssh_agent_t tcontext=aleksey:object_r:staff_home_t tclass=file
and strace shows
getpid() = 2886
rt_sigaction(SIGPIPE, {0x1b9cc8, [], SA_RESTORER, 0x137478}, {SIG_IGN}, 8) = 0
socket(PF_UNIX, SOCK_DGRAM, 0) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
connect(3, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
send(3, "<35>Mar 24 02:48:10 ssh-agent[2886]: error: accept from AUTH_SOCKET: Socket operation on non-socket", 99, 0) = 99
rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0
close(3) = 0
select(2, [1], [], NULL, NULL) = 1 (in [1])
accept(1, 0xfeee0800, [110]) = -1 ENOTSOCK (Socket operation on non-socket)
time([1080125290]) = 1080125290
getpid() = 2886
going in circles.
On Wed, 24 Mar 2004 21:50, Aleksey Nogin <aleksey@nogin.org> wrote:
> What I see in the logs is
> audit(1080124752.283:0): avc: denied { write } for pid=2885 exe=/usr/bin/ssh-agent path=/home/aleksey/.xsession-errors dev=hda2 ino=310712 scontext=aleksey:staff_r:staff_ssh_agent_t tcontext=aleksey:object_r:staff_home_t tclass=file
Try using the attached ssh_agent_macros.te.
On 24.03.2004 04:54, Russell Coker wrote:
> On Wed, 24 Mar 2004 21:50, Aleksey Nogin <aleksey@nogin.org> wrote:
>> What I see in the logs is
>> audit(1080124752.283:0): avc: denied { write } for pid=2885 exe=/usr/bin/ssh-agent path=/home/aleksey/.xsession-errors dev=hda2 ino=310712 scontext=aleksey:staff_r:staff_ssh_agent_t tcontext=aleksey:object_r:staff_home_t tclass=file
> Try using the attached ssh_agent_macros.te.
I added the following two lines to my ssh_agent_macros.te and the problem went away, thanks!
allow $1_ssh_agent_t { home_root_t $1_home_dir_t }:dir search;
allow $1_ssh_agent_t $1_home_t:file { getattr write append };
selinux@lists.fedoraproject.org
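
For readers reviewing a fix like the one in this thread: the sketch below is an added example, not code from the posters or from the SELinux policy sources. It parses the AVC denial quoted above, expands `$1` in the two posted macro lines, and reports which denied permissions the rules cover and which granted permissions are not evidenced by this denial. The function names and the assumption that the domain is named `<prefix>_ssh_agent_t` are illustrative.

```python
import re

# AVC denial copied from the thread above.
AVC = ("audit(1080124752.283:0): avc: denied { write } for pid=2885 "
       "exe=/usr/bin/ssh-agent path=/home/aleksey/.xsession-errors dev=hda2 "
       "ino=310712 scontext=aleksey:staff_r:staff_ssh_agent_t "
       "tcontext=aleksey:object_r:staff_home_t tclass=file")

# The two macro lines posted in the thread ($1 is the role prefix).
MACRO_RULES = """
allow $1_ssh_agent_t { home_root_t $1_home_dir_t }:dir search;
allow $1_ssh_agent_t $1_home_t:file { getattr write append };
"""

def parse_avc(line):
    """Return (source_type, target_type, class, denied_perms) for one denial."""
    perms = set(re.search(r"denied\s+\{([^}]*)\}", line).group(1).split())
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    # Contexts in this log are user:role:type; the type is the third field.
    stype = fields["scontext"].split(":")[2]
    ttype = fields["tcontext"].split(":")[2]
    return stype, ttype, fields["tclass"], perms

def _items(tok):
    """Split 'name' or '{ a b }' into a set of names."""
    return set(tok.strip("{} ").split())

RULE_RE = re.compile(
    r"allow\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|\S+)\s*:\s*(\w+)"
    r"\s+(\{[^}]*\}|\S+)\s*;")

def parse_rules(text, prefix):
    """Expand $1 and yield (source_types, target_types, class, perms)."""
    for src, tgt, cls, perms in RULE_RE.findall(text.replace("$1", prefix)):
        yield _items(src), _items(tgt), cls, _items(perms)

def review(avc_line, rules_text):
    """Return (missing, extra): denied-but-not-granted, granted-but-not-denied."""
    stype, ttype, tclass, denied = parse_avc(avc_line)
    prefix = stype.split("_ssh_agent_t")[0]  # assumption: <prefix>_ssh_agent_t
    granted = set()
    for srcs, tgts, cls, perms in parse_rules(rules_text, prefix):
        if stype in srcs and ttype in tgts and cls == tclass:
            granted |= perms
    return denied - granted, granted - denied
```

An empty first set means the logged denial is covered; the second set lists permissions to justify separately, since a single log line only shows the first access that was refused.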