selinux blocking ssh login in f20 cloud image

Daniel J Walsh dwalsh at redhat.com
Fri Jul 19 21:54:38 UTC 2013



On 07/19/2013 11:10 AM, Matthew Miller wrote:
> So, I haven't changed anything significant in how the F20 cloud images are 
> generated from how the F19 ones were. But now, when I try to log into one 
> after booting, cloud-init runs and appears to configure everything, but 
> sshing in gives
> 
> /bin/bash: Permission denied
> 
Usually means your system is mislabeled.  I would bet that sshd is not running
as sshd_t.  Something went wrong when you built the image.
> In the logs:
> 
> Jul 19 14:56:50 localhost sshd[621]: ssh_selinux_change_context: setcon system_u:system_r:sshd_net_t:s0 from system_u:system_r:kernel_t:s0 failed with Permission denied [preauth]
> Jul 19 14:56:51 localhost sshd[621]: Accepted publickey for fedora from 192.168.77.1 port 40992 ssh2
> Jul 19 14:56:51 localhost systemd: Starting user-1000.slice.
> Jul 19 14:56:51 localhost systemd: Created slice user-1000.slice.
> Jul 19 14:56:51 localhost systemd: Starting User Manager for 1000...
> Jul 19 14:56:51 localhost systemd: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
> Jul 19 14:56:51 localhost systemd: Starting Session 1 of user fedora.
> Jul 19 14:56:51 localhost systemd-logind: New session 1 of user fedora.
> Jul 19 14:56:51 localhost systemd: Started Session 1 of user fedora.
> Jul 19 14:56:51 localhost systemd: Started User Manager for 1000.
> Jul 19 14:56:51 localhost sshd[621]: pam_unix(sshd:session): session opened for user fedora by (uid=0)
> Jul 19 14:56:51 localhost sshd[627]: ssh_selinux_copy_context: setcon failed with Permission denied
> Jul 19 14:56:51 localhost sshd[627]: Received disconnect from 192.168.77.1: 11: disconnected by user
> Jul 19 14:56:51 localhost sshd[621]: pam_unix(sshd:session): session closed for user fedora
> Jul 19 14:56:51 localhost systemd-logind: Removed session 1.
> Jul 19 14:56:51 localhost systemd: Stopping user-1000.slice.
> Jul 19 14:56:51 localhost systemd: Removed slice user-1000.slice
> 
> Is this a policy bug? Something new which is failing on image build? 
> Something else?
> 
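
Added example, not part of the original message: a small shell check that reads sshd log lines and reports which SELinux domain sshd was in when its setcon() call was denied, which is the evidence behind the "not running as sshd_t" diagnosis. The function names are hypothetical; the sample lines are copied from the log quoted above.

```shell
#!/bin/sh
# Added example: find failed sshd SELinux transitions in syslog text and
# report the domain sshd was running in at the time.

# Print the type field (third colon-separated field) of a security context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read log lines on stdin; print the "from" context of every failed
# ssh_selinux_change_context transition, de-duplicated.
failed_setcon_sources() {
    sed -n 's/.*ssh_selinux_change_context: setcon [^ ]* from \([^ ]*\) failed.*/\1/p' | sort -u
}

# Classify log text read from stdin:
#   clean               no failed setcon lines were found
#   wrong-domain:<type> sshd was running in <type> instead of sshd_t
#   denied-from-sshd_t  sshd was in sshd_t but the transition was still denied
check_sshd_domain() {
    result=clean
    for ctx in $(failed_setcon_sources); do
        t=$(context_type "$ctx")
        if [ "$t" = "sshd_t" ]; then
            # Do not overwrite a wrong-domain finding with the weaker one.
            [ "$result" = "clean" ] && result="denied-from-sshd_t"
        else
            result="wrong-domain:$t"
        fi
    done
    printf '%s\n' "$result"
}

# Two lines taken from the log quoted in the message above.
SAMPLE_LOG='Jul 19 14:56:50 localhost sshd[621]: ssh_selinux_change_context: setcon system_u:system_r:sshd_net_t:s0 from system_u:system_r:kernel_t:s0 failed with Permission denied [preauth]
Jul 19 14:56:51 localhost sshd[621]: Accepted publickey for fedora from 192.168.77.1 port 40992 ssh2'

printf '%s\n' "$SAMPLE_LOG" | check_sshd_domain
```

On a running host, `ps -eZ | grep sshd` shows the daemon's current domain directly.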
