Bug or feature, absent authorized_hosts

Vadym Chepkov vchepkov at gmail.com
Thu Aug 2 13:51:16 UTC 2012 

On Aug 2, 2012, at 8:45 AM, Daniel J Walsh wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 08/01/2012 07:57 PM, Vadym Chepkov wrote:
>> Hi,
>> 
>> Not sure if it's a bug or a "feature"
>> 
>> RHEL6.3 selinux-policy-targeted-3.7.19-155.el6_3.noarch
>> 
>> was getting bunch of these:
>> 
>> ---- time->Tue Jul 31 11:22:21 2012 type=SYSCALL
>> msg=audit(1343733741.446:154): arch=c000003e syscall=2 success=no exit=-13
>> a0=7f740329e7d0 a1=800 a2=1 a3=24 items=0 ppid=946 pid=1291 auid=4294967295
>> uid=0 gid=0 euid=1001 suid=0 fsuid=1001 egid=513 sgid=0 fsgid=513
>> tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd"
>> subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC
>> msg=audit(1343733741.446:154): avc:  denied  { read } for  pid=1291
>> comm="sshd" name="authorized_keys" dev=xvdb ino=3368578
>> scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
>> tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file
>> 
>> authorized_keys file didn't even exist for root user, it is not allowed to
>> login remotely. Silenced it down by creating empty authorized_keys file
>> with ssh_home_t context.
>> 
>> Cheers, Vadym
>> 
>> -- selinux mailing list selinux at lists.fedoraproject.org 
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>> 
>> 
> 
> More like a labeling problem.
> 
> restorecon -R -v /home
> 

root's home is /root , but I don't think it's a problem

# date
Thu Aug  2 13:42:17 UTC 2012
# ls -dZ /root
dr-xr-x---. root root system_u:object_r:admin_home_t:s0 /root
# ls -dZ /root/.ssh
drwx------. root root system_u:object_r:ssh_home_t:s0  /root/.ssh
# ls -dZ .ssh/authorized_keys
ls: cannot access .ssh/authorized_keys: No such file or directory
# ssh localhost
root at localhost's password: 

# ausearch -m avc -ts recent
----
time->Thu Aug  2 13:43:03 2012
type=SYSCALL msg=audit(1343914983.632:592368): arch=c000003e syscall=2 success=no exit=-13 a0=7fc8d9bd8780 a1=800 a2=1 a3=24 items=0 ppid=946 pid=28761 auid=4294967295 uid=0 gid=0 euid=1001 suid=0 fsuid=1001 egid=513 sgid=0 fsgid=513 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1343914983.632:592368): avc:  denied  { read } for  pid=28761 comm="sshd" name="authorized_keys" dev=xvdb ino=3368578 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file


Cheers,
Vadym

More information about the selinux mailing list