Excerpts from Dan Callaghan's message of 2014-03-06 16:43:26 +1000: > Excerpts from Daniel J Walsh's message of 2014-01-03 01:46:44 +1000: > > This is caused by sshd running with the wrong label, It should be > > running as sshd_t not init_t. If the executable labeled sshd_exec_t? > > > > ls -lZ /usr/sbin/sshd > > > > restorecon -v /usr/sbin/sshd > > > > should fix the label. > > I started getting the same AVC denials a week or so ago. My > /usr/sbin/sshd was indeed wrongly labelled: > > $ ll -Z /usr/sbin/sshd > -rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /usr/sbin/sshd > $ sudo restorecon -v /usr/sbin/sshd > restorecon reset /usr/sbin/sshd context unconfined_u:object_r:bin_t:s0->unconfined_u:object_r:sshd_exec_t:s0 > > What I'm wondering is, how did it become wrongly labelled? Nothing else > on my filesystem was wrong, according to restorecon. > > The errors only appear in my logs after sshd was restarted on 24 Feb for > a yum upgrade. The updated packages included: > > selinux-policy-3.12.1-122.fc20.noarch > openssh-server-6.4p1-3.fc20.x86_64 > > (among many others). Any hints on how I can figure out what went wrong > with the labelling of /usr/sbin/sshd? Oh, I forgot that the yum upgrade on 24 Feb was actually from F19->F20, just like Philip who originally started this thread. I suppose that means we just write it off as "upgrading between releases is not supported" then... -- Dan Callaghan <dcallagh@xxxxxxxxxx> Software Engineer, Hosted & Shared Services Red Hat, Inc.
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
