Re: semodule

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2009-06-05 at 13:09 -0400, Daniel J Walsh wrote:
> On 06/05/2009 10:10 AM, Stephen Smalley wrote:
> > On Sun, 2009-05-31 at 08:36 -0700, Vadym Chepkov wrote:
> >> I compared /etc/pam.d/sshd of the affected and working system, they are identical. But, I found these entries in /var/log/secure of the system in trouble:
> >>
> >> error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
> >>
> >> I bet it's a smoking gun, I just have no idea what to do about it.
> >
> > Wait - that means that sshd is still trying to set up the tty label.
> > Dan, I thought you switched to using pam_selinux instead for sshd?  Why
> > would there be both direct selinux logic in sshd and pam_selinux
> > in /etc/pam.d/sshd?
> >
> There should not be.

Some SELinux calls still have to happen from sshd directly - for example
the pty relabelling, because the pty in sshd is not yet set up when the
pam_selinux is called.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux