Excerpts from Daniel J Walsh's message of 2014-01-03 01:46:44 +1000: > This is caused by sshd running with the wrong label, It should be > running as sshd_t not init_t. If the executable labeled sshd_exec_t? > > ls -lZ /usr/sbin/sshd > > restorecon -v /usr/sbin/sshd > > should fix the label. I started getting the same AVC denials a week or so ago. My /usr/sbin/sshd was indeed wrongly labelled: $ ll -Z /usr/sbin/sshd -rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /usr/sbin/sshd $ sudo restorecon -v /usr/sbin/sshd restorecon reset /usr/sbin/sshd context unconfined_u:object_r:bin_t:s0->unconfined_u:object_r:sshd_exec_t:s0 What I'm wondering is, how did it become wrongly labelled? Nothing else on my filesystem was wrong, according to restorecon. The errors only appear in my logs after sshd was restarted on 24 Feb for a yum upgrade. The updated packages included: selinux-policy-3.12.1-122.fc20.noarch openssh-server-6.4p1-3.fc20.x86_64 (among many others). Any hints on how I can figure out what went wrong with the labelling of /usr/sbin/sshd? -- Dan Callaghan <dcallagh@xxxxxxxxxx> Software Engineer, Hosted & Shared Services Red Hat, Inc.
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
