Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=949324

--- Comment #1 from Jaroslav Škarvada <jskarvad@xxxxxxxxxx> ---
For the PAM module to work correctly with sshd, we will probably need an SELinux label (for the oath users configuration/state file) and appropriate rules:

Apr 7 20:49:26 yarda kernel: [23820.679293] type=1400 audit(1365360566.085:24): avc: denied { write } for pid=24819 comm="sshd" name="lib" dev="dm-1" ino=786434 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
Apr 7 20:49:26 yarda kernel: [23820.698179] type=1400 audit(1365360566.085:25): avc: denied { add_name } for pid=24819 comm="sshd" name="users.oath.lock" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
Apr 7 20:49:26 yarda kernel: [23820.718090] type=1400 audit(1365360566.124:26): avc: denied { create } for pid=24819 comm="sshd" name="users.oath.lock" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
Apr 7 20:49:26 yarda kernel: [23820.737756] type=1400 audit(1365360566.144:27): avc: denied { write open } for pid=24819 comm="sshd" path="/var/lib/users.oath.lock" dev="dm-1" ino=806912 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
Apr 7 20:49:26 yarda kernel: [23820.759772] type=1400 audit(1365360566.165:28): avc: denied { lock } for pid=24819 comm="sshd" path="/var/lib/users.oath.lock" dev="dm-1" ino=806912 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
Apr 7 20:49:26 yarda kernel: [23820.783848] type=1400 audit(1365360566.190:29): avc: denied { getattr } for pid=24819 comm="sshd" path="/var/lib/users.oath.new" dev="dm-1" ino=810364 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
Apr 7 20:49:26 yarda kernel: [23820.846464] type=1400 audit(1365360566.253:30): avc: denied { remove_name } for pid=24819 comm="sshd" name="users.oath.new" dev="dm-1" ino=810364 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
Apr 7 20:49:26 yarda kernel: [23820.867964] type=1400 audit(1365360566.274:31): avc: denied { rename } for pid=24819 comm="sshd" name="users.oath.new" dev="dm-1" ino=810364 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
Apr 7 20:49:26 yarda kernel: [23820.889180] type=1400 audit(1365360566.295:32): avc: denied { unlink } for pid=24819 comm="sshd" name="users.oath" dev="dm-1" ino=272776 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
Apr 7 20:49:26 yarda kernel: [23820.909548] type=1400 audit(1365360566.316:33): avc: denied { unlink } for pid=24819 comm="sshd" name="users.oath.lock" dev="dm-1" ino=806912 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
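
An added example, not part of the original bug comment: a short Python parser that groups the ten AVC denials quoted above by source type, target type and object class, and renders them as audit2allow-style allow statements. Every resulting rule targets the generic var_lib_t or etc_t type, which is the reason the comment asks for a dedicated label for the oath state file; the function names are this example's own, and the sample lines are the denials from the log with the syslog prefix trimmed.

```python
import re
from collections import defaultdict

# The ten denials from the comment above, syslog/audit prefix trimmed.
SAMPLE = """\
avc: denied { write } for pid=24819 comm="sshd" name="lib" dev="dm-1" ino=786434 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
avc: denied { add_name } for pid=24819 comm="sshd" name="users.oath.lock" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
avc: denied { create } for pid=24819 comm="sshd" name="users.oath.lock" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
avc: denied { write open } for pid=24819 comm="sshd" path="/var/lib/users.oath.lock" dev="dm-1" ino=806912 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
avc: denied { lock } for pid=24819 comm="sshd" path="/var/lib/users.oath.lock" dev="dm-1" ino=806912 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
avc: denied { getattr } for pid=24819 comm="sshd" path="/var/lib/users.oath.new" dev="dm-1" ino=810364 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
avc: denied { remove_name } for pid=24819 comm="sshd" name="users.oath.new" dev="dm-1" ino=810364 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
avc: denied { rename } for pid=24819 comm="sshd" name="users.oath.new" dev="dm-1" ino=810364 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
avc: denied { unlink } for pid=24819 comm="sshd" name="users.oath" dev="dm-1" ino=272776 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
avc: denied { unlink } for pid=24819 comm="sshd" name="users.oath.lock" dev="dm-1" ino=806912 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
"""

# One match per log line: '.' does not cross newlines without re.DOTALL.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field (third) of a user:role:type:level context."""
    return context.split(":")[2]

def group_denials(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for m in AVC_RE.finditer(text):
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render grouped denials as audit2allow-style allow statements."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(rules.items())
    ]

if __name__ == "__main__":
    for rule in as_allow_rules(group_denials(SAMPLE)):
        print(rule)
```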