sshd....denied transition...funny looking avc

Stephen Smalley sds at epoch.ncsc.mil
Mon Jul 26 15:14:13 UTC 2004


On Thu, 2004-07-22 at 16:25, Tom London wrote:
> [running latest FC3T1 w/ latest mods from devel tree, strict/enforcing
> kernel-2.6.7-1.494, openssh-3.8.1p1-4]
> 
> Attempting to scp into this host fails with
> 'Read from remote host HOST: connection reset by peer'

Looks like run_ssh_inetd tunable was enabled (wrongly) in tunable.te;
this replaces the normal transition from initrc_t (normal daemon
startup) with one from inetd_t (inetd-based startup), so sshd is left in
the wrong domain.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
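As an added example (not part of the original message), a check for the symptom described above: it reads `ps -eZ`-style output and reports any sshd process whose SELinux type is not `sshd_t`. The sample lines are constructed, and `initrc_t` as the wrong domain is an assumption for illustration.

```shell
#!/bin/sh
# Report sshd processes that are not running in the sshd_t domain.
# Input on stdin: `ps -eZ`-style lines (LABEL PID TTY TIME CMD).
# Exit status: 0 if every sshd is in sshd_t, 1 otherwise.
check_sshd_domain() {
    awk '
        $NF == "sshd" {
            # A context is user:role:type, optionally followed by an
            # MLS level; the type is always the third component.
            n = split($1, ctx, ":")
            type = (n >= 3) ? ctx[3] : "unlabeled"
            if (type == "sshd_t") next
            bad++
            printf "pid %s: sshd in %s, expected sshd_t\n", $2, type
        }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# Constructed sample: sshd started by an init script but never
# transitioned, so it is still in the init script domain (assumed).
SAMPLE_BAD='LABEL                        PID TTY      TIME CMD
system_u:system_r:init_t       1 ?    00:00:01 init
system_u:system_r:initrc_t  1234 ?    00:00:00 sshd'

# Constructed sample: sshd in its own domain, one line with an MLS level.
SAMPLE_GOOD='LABEL                        PID TTY      TIME CMD
system_u:system_r:sshd_t    1234 ?    00:00:00 sshd
system_u:system_r:sshd_t:s0 1301 ?    00:00:00 sshd'

# Demo on the constructed data; on a live host use: ps -eZ | check_sshd_domain
printf '%s\n' "$SAMPLE_BAD" | check_sshd_domain || echo "sshd is not in sshd_t"
```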



