Re: sshd....denied transition...funny looking avc (working with latest policy files)

Tom London <selinux@xxxxxxxxxxx> · Fri, 23 Jul 2004 09:18:37 -0700

Uhhh.... I just installed the latest strict policy 

(selinux-policy-strict-sources-1.15.7-4) and

sshd now works......

These are now the only messages from

'ssh localhost':

Jul 23 09:14:30 fedora kernel: audit(1090599270.275:0): avc:  denied  {
write } for  pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2
ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t
tcontext=system_u:object_r:krb5_conf_t tclass=file

Jul 23 09:14:30 fedora kernel: audit(1090599270.324:0): avc:  denied  {
write } for  pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2
ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t
tcontext=system_u:object_r:krb5_conf_t tclass=file

Jul 23 09:14:34 fedora sshd(pam_unix)[13809]: session opened for user
root by root(uid=0)

tom

Russell Coker wrote:

  On Fri, 23 Jul 2004 06:25, Tom London <selinux@xxxxxxxxxxx> wrote:

    [running latest FC3T1 w/ latest mods from devel tree, strict/enforcing
kernel-2.6.7-1.494, openssh-3.8.1p1-4]

Attempting to scp into this host fails with
'Read from remote host HOST: connection reset by peer'

Please send me a .tgz format copy of your policy source directory after 
running "make clean".  Also let me know whether you have sshd run from inetd 
or as a daemon.

    [There appear to be 145 blank characters after 'kernel:' and before
'audit(' on the lines above.]

This is a kernel bug we've seen before.  It seemed to appear after the 
transition to the new auditing model.