sshd....denied transition...funny looking avc (working with latest policy files)

Tom London selinux at comcast.net
Fri Jul 23 16:18:37 UTC 2004


Uhhh.... I just installed the latest strict policy
(selinux-policy-strict-sources-1.15.7-4) and
sshd now works......

These are now the only messages from
'ssh localhost':
Jul 23 09:14:30 fedora kernel: audit(1090599270.275:0): avc:  denied  { 
write } for  pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2 
ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t 
tcontext=system_u:object_r:krb5_conf_t tclass=file
Jul 23 09:14:30 fedora kernel: audit(1090599270.324:0): avc:  denied  { 
write } for  pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2 
ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t 
tcontext=system_u:object_r:krb5_conf_t tclass=file
Jul 23 09:14:34 fedora sshd(pam_unix)[13809]: session opened for user 
root by root(uid=0)

tom

Russell Coker wrote:

>On Fri, 23 Jul 2004 06:25, Tom London <selinux at comcast.net> wrote:
>  
>
>>[running latest FC3T1 w/ latest mods from devel tree, strict/enforcing
>>kernel-2.6.7-1.494, openssh-3.8.1p1-4]
>>
>>Attempting to scp into this host fails with
>>'Read from remote host HOST: connection reset by peer'
>>    
>>
>
>Please send me a .tgz format copy of your policy source directory after 
>running "make clean".  Also let me know whether you have sshd run from inetd 
>or as a daemon.
>
>  
>
>>[There appear to be 145 blank characters after 'kernel:' and before
>>'audit(' on the lines above.]
>>    
>>
>
>This is a kernel bug we've seen before.  It seemed to appear after the 
>transition to the new auditing model.
>
>  
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20040723/ffe6b32a/attachment.html 


More information about the selinux mailing list