Hi, rpm runs a helper after glibc updates that does a /sbin/service sshd condrestart. The present policy doesn't properly transition domains for this restarting of sshd by rpm, so if you have updated your glibc, your sshd may be running in the wrong domain. ps -eZ | grep sshd should show a context of system_u:system_r:sshd_t. If it does not, then do a /sbin/service sshd condrestart. Policy patch below. Index: policy/domains/program/unused/rpm.te =================================================================== RCS file: /nfshome/pal/CVS/selinux-usr/policy/domains/program/unused/rpm.te,v retrieving revision 1.24 diff -u -r1.24 rpm.te --- policy/domains/program/unused/rpm.te 12 Jul 2004 16:41:48 -0000 1.24 +++ policy/domains/program/unused/rpm.te 12 Aug 2004 18:42:44 -0000 @@ -59,6 +59,7 @@ allow rpm_t devtty_t:chr_file rw_file_perms; domain_auto_trans(rpm_t, ldconfig_exec_t, ldconfig_t) +domain_auto_trans(rpm_t, initrc_exec_t, initrc_t) ifdef(`cups.te', ` r_dir_file(cupsd_t, rpm_var_lib_t) -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
