pam_selinux(sshd:session): Error! Unable to set executable context
Radha Venkatesh (radvenka)
radvenka at cisco.com
Thu Oct 18 16:59:49 UTC 2012
We have an selinux user specialuser_u defined. The outputs of the semanage command are as seen below
semanager user –l
admin_u user s0 SystemLow-SystemHigh system_r sysadm_r
guest_u guest s0 s0 guest_r
remotesupport_u user s0 SystemLow-SystemHigh system_r sysadm_r
root sysadm s0 SystemLow-SystemHigh system_r sysadm_r
specialuser_u user s0 s0 system_r sysadm_r
staff_u staff s0 SystemLow-SystemHigh sysadm_r staff_r
sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r
system_u user s0 SystemLow-SystemHigh system_r
Now, we see the following in our log files
pam_selinux(sshd:session): Error! Unable to set executable context €‡\ ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context €×ª_ialuser_u:sysadm_r:sysadm_t:s0.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context €gb ialuser_u:sysadm_r:sysadm_t.
…
…
…
pam_selinux(sshd:session): Error! Unable to set executable context € ³_ialuser_u:sysadm_r:sysadm_t:s0.
/etc/pam.d/sshd looks as follows
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session required pam_selinux.so
Could anyone help us with why we are seeing these error messages and why the specialuser_u is corrupted with control chars?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20121018/57dd0dea/attachment.html>
More information about the selinux
mailing list