No AVC when sshd is mislabeled

Ted Toth txtoth at gmail.com
Sun Dec 12 14:42:59 UTC 2010


Disable the dontaudits and see (semodule -DB).

2010/12/12 Jorge Fábregas <jorge.fabregas at gmail.com>:
> Hi,
>
> On my Fedora 12 system I changed - on purpose - the label for the sshd binary.
> I gave it httpd_exec_t and tried to start it with the service command to see
> what happens.  I got:
>
> Starting sshd: Could not load host key: /etc/ssh/ssh_host_rsa_key
> Could not load host key: /etc/ssh/ssh_host_dsa_key
>
> ..which is expected as "httpd_t" doesn't have access to these files.
>
> My question is: Why don't I get any AVC errors for this?  I was expecting
> something like "httpd_t is trying to read files labeled as sshd_key_t..."
> There's nothing in /var/log/audit/audit.log (I'm using auditd).
>
> Are there any "dontaudit" rules for these types of access that causes SELinux
> not to log these?
>
> Regards,
> Jorge
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
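The check Ted suggests, scripted as an added example (not code from either poster): rebuild policy without dontaudit rules, repeat Jorge's mislabel experiment, look for the denial, then restore. It assumes Fedora-style SELinux tools (semodule, sesearch, ausearch, chcon, restorecon) are installed; the AVC record at the bottom is constructed, not taken from a real log.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the SELinux userland tools
# named in the lead-in; only count_avc is pure text processing.

# Count AVC records on stdin whose source type is $1 and target type is $2,
# e.g. count_avc httpd_t sshd_key_t. Works on any host, no SELinux needed.
count_avc() {
    awk -v src="$1" -v tgt="$2" '
        /type=AVC/ && $0 ~ ("scontext=[^ ]*:" src ":") &&
                      $0 ~ ("tcontext=[^ ]*:" tgt ":") { n++ }
        END { print n + 0 }'
}

# List the dontaudit rules that silence $1's access to $2 (the suppression
# Jorge asks about). sesearch is from setools; flag names are an assumption.
show_dontaudit_rules() {
    sesearch --dontaudit -s "$1" -t "$2"
}

# Full walk-through: only meaningful as root on an SELinux host, so it
# returns early when semodule is not present.
reproduce_with_dontaudit_disabled() {
    command -v semodule >/dev/null 2>&1 || { echo "no semodule; skipping" >&2; return 0; }
    semodule -DB                          # rebuild policy with dontaudit rules disabled
    chcon -t httpd_exec_t /usr/sbin/sshd  # the deliberate mislabel from the thread
    service sshd start || true            # expected to fail: cannot read host keys
    ausearch -m AVC -ts recent | count_avc httpd_t sshd_key_t
    restorecon -v /usr/sbin/sshd          # put sshd_exec_t back
    semodule -B                           # rebuild with dontaudit rules restored
}

# Constructed sample of the denial that becomes visible once dontaudit is off.
SAMPLE_AVC='type=AVC msg=audit(1292164979.123:456): avc:  denied  { read } for  pid=1234 comm="sshd" name="ssh_host_rsa_key" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:sshd_key_t:s0 tclass=file'

printf '%s\n' "$SAMPLE_AVC" | count_avc httpd_t sshd_key_t   # prints 1
```

Run reproduce_with_dontaudit_disabled only on a test box: with dontaudit off, every normally silenced denial on the host is logged until `semodule -B` runs again.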