CentOS 5.4 + xinetd + sshd + SELinux issues

Hi all,

I have a problem trying to run sshd via xinetd on a CentOS 5.4 system
(I want to slap a tcpwrappers-style wrapper before sshd, so I need it
that way).

In permissive mode I can log in/out with the following failures reported
by audit2allow:

allow amanda_t consoletype_exec_t:file { execute execute_no_trans };
allow amanda_t devpts_t:chr_file { write ioctl };
allow amanda_t hostname_exec_t:file { execute execute_no_trans };
allow amanda_t shell_exec_t:file entrypoint;

I don't even have amanda installed, so the context is clearly bogus.

After a chat on #fedora-selinux it seems that sshd cannot find its
default context, so falls back to the first available one, which happens
to be something:something:amanda_t (the list is read from /selinux/user).
This operation is performed by sshd itself (as verified by strace).

I don't need Fort Knox type security but I'd like to use SELinux to
tighten down other parts of the system, so I'd really like to use the
enforcing mode.

Any hints? A good TFM to R will hopefully do.

Best regards,
 Grzegorz Nosek

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
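
Added example, not part of the original message: a small parser for the audit2allow rules quoted above. It flags rules whose source domain is not one expected for an sshd login and lists the domains that `entrypoint` rules show a process was placed into. The function names and the `EXPECTED_DOMAINS` set are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# One audit2allow rule: allow <source> <target>:<class> <perm>;  or  { <perm> ... };
RULE_RE = re.compile(
    r"^\s*allow\s+(?P<src>\w+)\s+(?P<tgt>\w+):(?P<cls>\w+)\s+"
    r"(?:\{\s*(?P<perms>[^}]*?)\s*\}|(?P<perm>\w+))\s*;\s*$"
)

# The four rules quoted in the message above.
SAMPLE = """\
allow amanda_t consoletype_exec_t:file { execute execute_no_trans };
allow amanda_t devpts_t:chr_file { write ioctl };
allow amanda_t hostname_exec_t:file { execute execute_no_trans };
allow amanda_t shell_exec_t:file entrypoint;
"""

# Assumption: domains an sshd login is expected to run in on this policy.
EXPECTED_DOMAINS = {"sshd_t", "unconfined_t"}

def parse_rules(text):
    """Return (source, target, class, perms) for every allow rule in text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m is None:
            continue  # comments, blank lines, module headers
        perms = m["perms"].split() if m["perms"] is not None else [m["perm"]]
        rules.append((m["src"], m["tgt"], m["cls"], tuple(perms)))
    return rules

def unexpected_domains(rules, expected=EXPECTED_DOMAINS):
    """Group rules by source domain, keeping only domains outside expected."""
    found = defaultdict(list)
    for src, tgt, cls, perms in rules:
        if src not in expected:
            found[src].append((tgt, cls, perms))
    return dict(found)

def entered_domains(rules):
    """(domain, executable type) pairs: an entrypoint rule's source is the domain entered."""
    return sorted({(src, tgt) for src, tgt, cls, perms in rules
                   if cls == "file" and "entrypoint" in perms})

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("unexpected source domains:", sorted(unexpected_domains(rules)))
    print("domains entered via:", entered_domains(rules))
```

On the quoted rules this reports `amanda_t` as the only source domain and shows it being entered through `shell_exec_t`, which matches the fallback-context explanation given in the message.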
