On Mon, 2007-12-03 at 12:12 +0000, Paul Howarth wrote:
> Got this one on the server end when using sftp with key-based auth and
> using keychain:
>
> type=AVC msg=audit(1196678377.841:1040): avc: denied { setkeycreate }
> for pid=23895 comm="sshd"
> scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1196678377.841:1040): arch=40000003 syscall=4
> success=no exit=-13 a0=5 a1=b802c120 a2=22 a3=15a03a items=0 ppid=31470
> pid=23895 auid=1012 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
> subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
>
> What's actually being denied here? Everything still seemed to work.
This is already reported:
https://bugzilla.redhat.com/show_bug.cgi?id=406951
Sshd now calls setkeycreatecon() which is not but should be allowed in
policy.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
