sshd....denied transition...funny looking avc

Tom London selinux at comcast.net
Thu Jul 22 20:25:48 UTC 2004


[running latest FC3T1 w/ latest mods from devel tree, strict/enforcing
kernel-2.6.7-1.494, openssh-3.8.1p1-4]

Attempting to scp into this host fails with
'Read from remote host HOST: connection reset by peer'

/var/log/messages on this host shows:
Jul 22 12:05:18 fedora sshd(pam_unix)[13899]: session opened for user 
root by (uid=0)
Jul 22 12:05:18 fedora 
kernel:                                                                                                  
audit(1090523118.784:0): avc:  denied  { transition } for  pid=13899 
exe=/usr/sbin/sshd
Jul 22 12:05:26 fedora sshd(pam_unix)[13902]: session opened for user 
root by (uid=0)
Jul 22 12:05:26 fedora 
kernel:                                                                                                  
audit(1090523126.143:0): avc:  denied  { transition } for  pid=13902 
exe=/usr/sbin/sshd

[There appear to be 145 blank characters after 'kernel:' and before 'audit('
on the lines above.]

/usr/sbin/sshd appears to be labeled correctly;
-rwxr-xr-x  root     root     system_u:object_r:sshd_exec_t    
/usr/sbin/sshd

tom
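
[Added example, not part of the original post and not code from the poster or the SELinux project: a small checker that parses AVC denials out of /var/log/messages-style lines and flags records like the ones above, which lack context fields or carry a long run of padding after 'kernel:'. It assumes that a complete AVC denial carries scontext=, tcontext= and tclass= fields; the function names and the second sample line are constructed for illustration.]

```python
import re

# Assumption (not from the post): fields a complete AVC denial normally carries.
REQUIRED = ("scontext", "tcontext", "tclass")

AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$"
)
PAD_RE = re.compile(r"kernel:(?P<pad>\s*)audit\(")


def check_avc(line):
    """Parse one syslog line; return None if it holds no AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    pad = PAD_RE.search(line)
    return {
        "perms": m.group("perms").split(),
        "fields": fields,
        "missing": [k for k in REQUIRED if k not in fields],
        "padding": len(pad.group("pad")) if pad else 0,
    }


def incomplete_records(lines, max_padding=1):
    """Return parsed AVC records that lack contexts or carry odd padding."""
    recs = (check_avc(line) for line in lines)
    return [r for r in recs if r and (r["missing"] or r["padding"] > max_padding)]


# Constructed sample input: the first line is rejoined from the post (with the
# 145 blanks it describes); the second is a made-up complete record.
SAMPLE = [
    "Jul 22 12:05:18 fedora kernel:" + " " * 145
    + "audit(1090523118.784:0): avc:  denied  { transition } for  pid=13899 "
    "exe=/usr/sbin/sshd",
    "Jul 22 12:05:19 fedora kernel: audit(1090523119.000:0): avc:  denied  "
    "{ read } for  pid=100 exe=/bin/example scontext=user_u:user_r:user_t "
    "tcontext=system_u:object_r:etc_t tclass=file",
]

if __name__ == "__main__":
    for rec in incomplete_records(SAMPLE):
        print(rec["perms"], "missing:", rec["missing"], "padding:", rec["padding"])
```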




