Selinux: SSH broken after F-13 --> F-14 upgrade

Hi all,

I've recently upgraded my system, but after that I was not able to connect through ssh. More things are wrong (from my POV):
1) SELinux blocks all nondefault ports for ssh

I have ssh configured to use a different port than 22 for security reasons and I think there are a lot of people doing that.

Question: Is it worth blocking all ports for ssh?

2) SELinux did not show any sealert warning about this. Running sealert -b shows no problem. There is one message in /var/log/messages:
kernel: [90346.301108] type=1400 audit(1286901219.350:29): avc:  denied  { name_bind } for  pid=6830 comm="sshd" src=6520 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

Question: This should be reported afaik, so it's a bug, right?

3) After checking /var/log/boot.log, there is "Starting ssh ... [ OK ]".
I get the same success info after "service sshd start", but an immediate "service sshd status" returns "openssh-daemon is stopped". I'm not sure if this is fixable because of all that daemonizing and other stuff.

Question: What do other network daemons (httpd, ...) do? Do they start successfully (from the initscript's POV) when they can't use the configured port?

I'm really glad I've found this out before updating my headless F-12 server. 

2 of 3 questions are about SELinux, ccing Dan.

Michal
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
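
The denial quoted in point 2 can be triaged mechanically. The following is an added example, not part of the original post: it parses AVC lines, picks out name_bind denials on sockets, and builds the `semanage port` command that would label the blocked port. The second log line and the domain-to-port-type table are assumptions made for illustration.

```python
import re

# First line is the denial quoted in the post; the second is constructed for contrast.
SAMPLE_LOG = [
    'kernel: [90346.301108] type=1400 audit(1286901219.350:29): avc:  denied  { name_bind } for  pid=6830 comm="sshd" src=6520 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket',
    'kernel: [90350.000000] type=1400 audit(1286901223.100:30): avc:  denied  { read } for  pid=7001 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption: domain -> port type pairs as named in the Fedora targeted policy.
PORT_TYPE_FOR_DOMAIN = {"sshd_t": "ssh_port_t", "httpd_t": "http_port_t"}


def parse_avc(line):
    """Return a dict of the AVC denial fields, or None if the line is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec


def port_bind_denials(lines):
    """Find name_bind denials on sockets and describe the blocked port."""
    findings = []
    for line in lines:
        rec = parse_avc(line)
        if not rec or "name_bind" not in rec["perms"]:
            continue
        if rec.get("tclass") not in ("tcp_socket", "udp_socket"):
            continue
        domain = rec["scontext"].split(":")[2]      # user:role:type:level
        proto = rec["tclass"].split("_")[0]         # tcp or udp
        port_type = PORT_TYPE_FOR_DOMAIN.get(domain)
        fix = (f"semanage port -a -t {port_type} -p {proto} {rec['src']}"
               if port_type else None)              # no guess for unknown domains
        findings.append({"comm": rec["comm"], "domain": domain, "proto": proto,
                         "port": int(rec["src"]),
                         "port_label": rec["tcontext"].split(":")[2],
                         "suggested_fix": fix})
    return findings


if __name__ == "__main__":
    for finding in port_bind_denials(SAMPLE_LOG):
        print(finding)
```

A `port_label` of `port_t` means the port carries only the generic label, which is why a confined daemon is refused the bind.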

