error: ssh_selinux_getctxbyname: Failed to get default SELinux security context

Hello

I get the following error when I try to log in through ssh (even if
selinux is in permissive mode!!!):

Sep 28 09:01:32 stvlx05.test.ch sshd[12614]: Accepted keyboard-interactive/pam for mat from 131.102.233.127 port 58912 ssh2
Sep 28 09:01:32 stvlx05.test.admin.ch kernel: [60557.252750] type=1400 audit(1285657292.298:286): avc:  denied  { audit_control } for  pid=12614 comm="sshd" capability=30  scontext=system_u:system_r:sysadm_t tcontext=system_u:system_r:sysadm_t tclass=capability
Sep 28 09:01:32 stvlx05.test.ch sshd[12621]: error: ssh_selinux_getctxbyname: Failed to get default SELinux security context for mat
Sep 28 09:01:32 stvlx05.test.ch sshd[12614]: error: ssh_selinux_getctxbyname: Failed to get default SELinux security context for mat
Sep 28 09:01:32 stvlx05.test.ch sshd[12614]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument

I already went through this post:
http://www.nsa.gov/research/selinux/list-archive/0910/30906.shtml but I
can't figure out the exact problem.

Here is what I've done so far:
- Downloaded the latest reference policy from tresys:
http://oss.tresys.com/files/refpolicy/refpolicy-2.20100524.tar.bz2
- Compiled and installed it on my sles 11.1
- set selinux into permissive mode: (so far so good.. :))
sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 24
Policy from config file:        refpolicy
- Add selinux user "mat_u": semanage user -R "staff_r system_r" -P user -a mat_u
- Add linux user "mat": useradd mat
- Set password for "mat": passwd mat
- User mapping: semanage login -s mat_u -a mat
- Add security context for "mat_u" by copying staff_u's context (don't know if that's needed??!): cp /etc/selinux/refpolicy/contexts/user/staff_u /etc/selinux/refpolicy/contexts/user/mat_u
- Set boolean for sysadm ssh login to true (don't know if that's needed?!): setsebool ssh_sysadm_login on

In other posts I've read something about sepermit.conf and namespace.conf
but these files don't exist on my system. What about these files? Do I
need them?
What's wrong on my system?
Why is it not possible to log in even if selinux is in permissive mode?
Any suggestions?

thanks in advance
Matthias

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
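
An added example, not part of the original message: a small parser for the kernel AVC record quoted in the post, which extracts the denied permission, the process, and the source and target contexts so that the domain sshd was running in can be read off directly. The sample line is the post's own record with the mail line wraps joined; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# AVC record from the post above, with the mail client's line wraps joined.
SAMPLE = ('Sep 28 09:01:32 stvlx05.test.admin.ch kernel: [60557.252750] type=1400 '
          'audit(1285657292.298:286): avc:  denied  { audit_control } for  pid=12614 '
          'comm="sshd" capability=30  scontext=system_u:system_r:sysadm_t '
          'tcontext=system_u:system_r:sysadm_t tclass=capability')

# audit(<epoch>.<ms>:<serial>): avc: denied|granted { perms } for key=value ...
AVC_RE = re.compile(
    r'audit\((?P<epoch>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; the level is absent on non-MLS policies."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError(f'malformed context: {ctx!r}')
    return dict(zip(('user', 'role', 'type', 'level'),
                    parts + [None] * (4 - len(parts))))

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m['rest'])}
    if 'scontext' not in fields or 'tcontext' not in fields:
        raise ValueError('AVC record without scontext/tcontext')
    return {
        'time_utc': datetime.fromtimestamp(int(m['epoch']), tz=timezone.utc),
        'serial': int(m['serial']),
        'result': m['result'],
        'perms': m['perms'].split(),
        'comm': fields.get('comm'),
        'pid': int(fields['pid']) if 'pid' in fields else None,
        'tclass': fields.get('tclass'),
        'source': split_context(fields['scontext']),
        'target': split_context(fields['tcontext']),
    }

def summarize(rec):
    """One-line summary: which process, in which domain, was denied what."""
    return (f"{rec['comm']}[{rec['pid']}] in domain {rec['source']['type']} "
            f"{rec['result']} {{ {' '.join(rec['perms'])} }} on {rec['tclass']}")

if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```
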

