ssh.te - more needed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



After augmenting ssh.te with
     can_exec(sshd_t, sshd_exec_t)
as suggested by Stephen S., inbound
ssh to strict/enforcing system still fails.

Here are avc's (running permissive):

Aug 30 09:49:44 fedora kernel: audit(1093884584.213:0): avc:  denied  { ioctl } for  pid=4998 exe=/bin/su path=/dev/pts/4 dev=devpts ino=6 scontext=user_u:user_r:user_su_t tcontext=system_u:object_r:sshd_devpts_t tclass=chr_file
Aug 30 09:49:46 fedora kernel: audit(1093884586.516:0): avc:  denied  { getattr } for  pid=4998 exe=/bin/su name=4 dev=devpts ino=6 scontext=user_u:user_r:user_su_t tcontext=system_u:object_r:sshd_devpts_t tclass=chr_file
Aug 30 09:49:46 fedora kernel: audit(1093884586.542:0): avc:  denied  { read write } for  pid=5013 exe=/bin/hostname name=4 dev=devpts ino=6 scontext=root:sysadm_r:hostname_t tcontext=root:object_r:sshd_devpts_t tclass=chr_file

audit2allow says:
     allow hostname_t sshd_devpts_t:chr_file { read write };
     allow user_su_t sshd_devpts_t:chr_file { getattr ioctl };

tom



-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux