sshd constraint violation issue

Miroslav Grepl mgrepl at redhat.com
Fri Aug 26 18:51:55 UTC 2011


Together with Dan Walsh and Jan Chadima, we made some changes in the openssh
package.

But we have the following issue with this code:

...

if (internal_sftp) {
        setuid(...);        /* drop root to the user's uid (argument elided in the sketch) */
        getexecon(&scon);   /* fetch the exec context set earlier with setexeccon() */
        setcon(scon);       /* dynamic transition; needs process { dyntransition } */
        freecon(scon);
}

...

We have the rule

allow sshd_t unpriv_userdomain:process dyntransition

but we get a constraint violation with the following AVC message:

type=AVC msg=audit(1314348650.561:7910): avc:  denied  { dyntransition } for
pid=555 comm="sshd" scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023
tcontext=staff_u:staff_r:staff_t:s0

because of

constrain process dyntransition
(
u1 == u2 and r1 == r2
)

My question is why dyntrans is not allowed to change USER or ROLE.


https://bugzilla.redhat.com/show_bug.cgi?id=729648

Regards,
Miroslav
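Added example (not part of Miroslav's message, nor code from openssh or selinux-policy): a small Python checker that parses the AVC record quoted above and evaluates the quoted constraint, u1 == u2 and r1 == r2, clause by clause. It shows why the allow rule alone is not enough: the source context is unconfined_u:system_r and the target is staff_u:staff_r, so both clauses fail. The second record is a constructed one in which user and role already match, so the constraint is satisfied and only the allow rule decides. The field names and helper functions are my own.

```python
"""Evaluate the SELinux 'process dyntransition' constraint against AVC records.

Constraint as quoted in the post (reference policy):
    constrain process dyntransition ( u1 == u2 and r1 == r2 )
u1/r1 belong to the source (current) context, u2/r2 to the target context
requested by setcon().  An allow rule only matters once this holds.
"""
import re

CONTEXT_FIELDS = ("user", "role", "type", "range")


def parse_context(ctx):
    """Split 'user:role:type[:range]' into its fields (range is optional)."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % ctx)
    parts += [""] * (4 - len(parts))
    return dict(zip(CONTEXT_FIELDS, parts))


_AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}"
    r".*?\bscontext=(?P<scontext>\S+)"
    r".*?\btcontext=(?P<tcontext>\S+)"
)


def parse_avc(line):
    """Extract result, permission set and both contexts from one AVC record."""
    m = _AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC record: %r" % line)
    return {
        "result": m.group("result"),
        "perms": set(m.group("perms").split()),
        "scontext": parse_context(m.group("scontext")),
        "tcontext": parse_context(m.group("tcontext")),
    }


def dyntransition_constraint_failures(src, tgt):
    """Return the clauses of (u1 == u2 and r1 == r2) that the pair violates."""
    failures = []
    if src["user"] != tgt["user"]:
        failures.append("u1 == u2 (%s != %s)" % (src["user"], tgt["user"]))
    if src["role"] != tgt["role"]:
        failures.append("r1 == r2 (%s != %s)" % (src["role"], tgt["role"]))
    return failures


def explain(line):
    """Human-readable verdict for a dyntransition AVC record."""
    avc = parse_avc(line)
    if "dyntransition" not in avc["perms"]:
        return "no dyntransition permission in this record"
    failures = dyntransition_constraint_failures(avc["scontext"], avc["tcontext"])
    if not failures:
        return "constraint satisfied; the allow rule decides"
    return "constraint violated: " + "; ".join(failures)


# The record from the post, reflowed onto one line.
POSTED_AVC = (
    "type=AVC msg=audit(1314348650.561:7910): avc:  denied  { dyntransition } for "
    'pid=555 comm="sshd" scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 '
    "tcontext=staff_u:staff_r:staff_t:s0"
)

# Constructed record (not from the post): same user and role, only the type changes.
SAME_USER_ROLE_AVC = (
    "type=AVC msg=audit(1314348650.561:7911): avc:  denied  { dyntransition } for "
    'pid=556 comm="sshd" scontext=staff_u:staff_r:sshd_t:s0-s0:c0.c1023 '
    "tcontext=staff_u:staff_r:staff_t:s0"
)

if __name__ == "__main__":
    for record in (POSTED_AVC, SAME_USER_ROLE_AVC):
        print(explain(record))
```

The checker mirrors only the constraint quoted in the post; a real policy may carry further constraints (for example MLS ones) that the kernel evaluates in the same way before the allow rule is consulted.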


More information about the selinux mailing list