Re: OpenSSH-5.3p1 selinux problem on CentOS-5.4.




On Thu, February 4, 2010 12:00, Ned Slider wrote:
>
>
> I was under the impression that sshd runs unconfined in the current
> CentOS?
>
> $ ps axZ | grep sshd
> system_u:system_r:unconfined_t:SystemLow-SystemHigh 2766 ? Ss   0:00 /usr/sbin/sshd
>
> For example, you don't need to change the ssh_port in SELinux when
> running the sshd on an alternative port, I assume because sshd is
> running unconfined.
>
> Also, it makes little sense to me to run sshd in a confined domain
> as an ssh login will give the user a login (bash) shell, which also
> runs unconfined:
>
> $ ps axZ | grep bash
> user_u:system_r:unconfined_t     8504 pts/3    Ss     0:00 /bin/bash
> user_u:system_r:unconfined_t    16789 pts/4    Ss     0:00 /bin/bash
>
> Or maybe I totally misunderstand?
>
>

Interesting.  The OpenSSH-5.3p1 sshd that I built without selinux
enabled runs in this domain:

# ps axZ | grep sshd
user_u:system_r:initrc_t         1981 ?        Ss     0:00 /opt/sbin/sshd


Whereas the CentOS-5.4 OpenSSH sshd runs like this:
# ps axZ | grep ssh
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2681 ? Ss   0:00 /usr/sbin/sshd


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
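
The comparison made in this message, as an added example that is not part of the original post: a shell script that reads `ps axZ`-style lines, extracts the SELinux type from each sshd process's context, and lists the ones still in `initrc_t`. The function names and the sample input (the thread's `ps` lines, unwrapped, plus one bash line) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the SELinux domain (type) of each sshd process
# from `ps axZ`-style input and list daemons left in initrc_t.

# Constructed sample: sshd lines quoted in this thread, unwrapped, plus one
# bash line. On a live host, pipe `ps axZ` into the functions instead.
sample_ps() {
cat <<'EOF'
user_u:system_r:initrc_t         1981 ?        Ss     0:00 /opt/sbin/sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2681 ? Ss   0:00 /usr/sbin/sshd
user_u:system_r:unconfined_t     8504 pts/3    Ss     0:00 /bin/bash
EOF
}

# Print "<type> <pid> <command>" for every process whose executable is
# named sshd. A context is user:role:type[:level]; the level is optional
# and may contain further ':' characters, so only field 3 is used.
sshd_domains() {
    awk '{
        n = split($6, path, "/")
        if (path[n] != "sshd") next
        split($1, ctx, ":")
        print ctx[3], $2, $6
    }'
}

# Print the executables of sshd processes still in initrc_t, the domain of
# init scripts: the daemon was started without transitioning out of it.
sshd_in_initrc() {
    sshd_domains | awk '$1 == "initrc_t" { print $3 }'
}

# Show the parsed domains for the constructed sample.
sample_ps | sshd_domains
```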
