No AVC when sshd is mislabeled
Jorge Fábregas
jorge.fabregas at gmail.com
Sun Dec 12 13:27:01 UTC 2010
Hi,
On my Fedora 12 system I changed - on purpose - the label for the sshd binary.
I gave it httpd_exec_t and tried to start it with the service command to see
what happens. I got:
Starting sshd: Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
...which is expected as "httpd_t" doesn't have access to these files.
My question is: Why don't I get any AVC errors for this? I was expecting
something like "httpd_t is trying to read files labeled as sshd_key_t..."
There's nothing in /var/log/audit/audit.log (I'm using auditd).
Are there any "dontaudit" rules for these types of access that cause SELinux
not to log these?
Regards,
Jorge