sshd....denied transition...funny looking avc (working with latest policy files)
Tom London
selinux at comcast.net
Fri Jul 23 16:18:37 UTC 2004
Uhhh.... I just installed the latest strict policy
(selinux-policy-strict-sources-1.15.7-4) and
sshd now works......
These are now the only messages from
'ssh localhost':
Jul 23 09:14:30 fedora kernel: audit(1090599270.275:0): avc: denied {
write } for pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2
ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t
tcontext=system_u:object_r:krb5_conf_t tclass=file
Jul 23 09:14:30 fedora kernel: audit(1090599270.324:0): avc: denied {
write } for pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2
ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t
tcontext=system_u:object_r:krb5_conf_t tclass=file
Jul 23 09:14:34 fedora sshd(pam_unix)[13809]: session opened for user
root by root(uid=0)
tom
Russell Coker wrote:
>On Fri, 23 Jul 2004 06:25, Tom London <selinux at comcast.net> wrote:
>
>
>>[running latest FC3T1 w/ latest mods from devel tree, strict/enforcing
>>kernel-2.6.7-1.494, openssh-3.8.1p1-4]
>>
>>Attempting to scp into this host fails with
>>'Read from remote host HOST: connection reset by peer'
>>
>>
>
>Please send me a .tgz format copy of your policy source directory after
>running "make clean". Also let me know whether you have sshd run from inetd
>or as a daemon.
>
>
>
>>[There appear to be 145 blank characters after 'kernel:' and before
>>'audit(' on the lines above.]
>>
>>
>
>This is a kernel bug we've seen before. It seemed to appear after the
>transition to the new auditing model.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20040723/ffe6b32a/attachment.html
More information about the selinux
mailing list