Orion Poplawski wrote:
> I'm running Sun Grid Engine on a CentOS 5 cluster and am having
> trouble with SELinux preventing the proper setup of parallel
> environments. Turning SELinux off allows everything to work properly.
>
> The problem seems to be when SGE tries to use ssh to login to a remote
> machine. As part of this process, it starts up a private sshd daemon
> to handle the connection. The relevant error appears to be:
>
> type=USER_LOGIN msg=audit(1186001097.981:19489): user pid=12066 uid=0
> auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct=steph:
> exe="/usr/sbin/sshd" (hostname=?, addr=192.168.0.120, terminal=sshd
> res=failed)'
> type=USER_ROLE_CHANGE msg=audit(1186001098.201:19491): user pid=12066
> uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='sshd:
> default-context=user_u:system_r:unconfined_t:s0
> selected-context=user_u:system_r:unconfined_t:s0-s0:c0.c1023:
> exe="/usr/sbin/sshd" (hostname=?, addr=?, terminal=? res=failed)'
>
> sshd reports:
>
> Aug 1 14:44:58 coop00 sshd[12066]: error: deny MLS level
> SystemLow-SystemHigh (user range s0). Continuing in permissive mode
>
> I'm at a loss here. Can anyone explain what is going on and what is
> failing? How can I make it work without running in permissive mode?
>
> Thanks!

What context is your sshd running under?

Normal sshd runs under
system_u:system_r:sshd_t:SystemLow-SystemHigh

I think you might be having a problem if your sshd is only running at s0
and trying to log people in at SystemLow-SystemHigh.
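
An added example, not part of either poster's message: a small Python check that pulls default-context and selected-context out of the USER_ROLE_CHANGE record quoted above and tests whether the selected MLS range fits inside the default one. It assumes the default-context range is the user's allowed range (as in "user range s0" in the sshd message); the function names are illustrative and the record is the one from the post, unwrapped onto one line.

```python
import re

# Constructed sample: the USER_ROLE_CHANGE record from the post, unwrapped.
RECORD = ("type=USER_ROLE_CHANGE msg=audit(1186001098.201:19491): user pid=12066 "
          "uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='sshd: "
          "default-context=user_u:system_r:unconfined_t:s0 "
          "selected-context=user_u:system_r:unconfined_t:s0-s0:c0.c1023: "
          "exe=\"/usr/sbin/sshd\" (hostname=?, addr=?, terminal=? res=failed)'")

def split_context(ctx):
    """Split user:role:type:range; the range itself may contain ':'."""
    user, role, typ, rng = ctx.rstrip(":").split(":", 3)
    return user, role, typ, rng

def parse_level(level):
    """'s0:c0.c1023' -> (0, {0..1023}); 'cA.cB' is a span, ',' separates items."""
    sens, _, cats = level.partition(":")
    out = set()
    for item in filter(None, cats.split(",")):
        lo, _, hi = item.partition(".")
        out.update(range(int(lo[1:]), int(hi[1:] if hi else lo[1:]) + 1))
    return int(sens[1:]), out

def parse_range(rng):
    """'low-high', or a single level meaning low == high."""
    low, _, high = rng.partition("-")
    return parse_level(low), parse_level(high or low)

def dominates(a, b):
    """Level a dominates b: sensitivity >= and category set is a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def within(requested, allowed):
    """True if the requested range lies inside the allowed range."""
    (rl, rh), (al, ah) = parse_range(requested), parse_range(allowed)
    return dominates(rl, al) and dominates(ah, rh)

def check_record(record):
    """Return (default range, selected range, selected fits in default)."""
    ctx = dict(re.findall(r"(default|selected)-context=(\S+)", record))
    default_rng = split_context(ctx["default"])[3]
    selected_rng = split_context(ctx["selected"])[3]
    return default_rng, selected_rng, within(selected_rng, default_rng)

if __name__ == "__main__":
    d, s, ok = check_record(RECORD)
    print(f"default range {d}, selected range {s}, within: {ok}")
```

For the record in the post, the selected range s0-s0:c0.c1023 has a high level carrying categories that the default range s0 does not, so the containment check fails.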