Re: Bug or feature, absent authorized_hosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/01/2012 07:57 PM, Vadym Chepkov wrote:
> Hi,
> 
> Not sure if it's a bug or a "feature"
> 
> RHEL6.3 selinux-policy-targeted-3.7.19-155.el6_3.noarch
> 
> was getting bunch of these:
> 
> ---- time->Tue Jul 31 11:22:21 2012 type=SYSCALL
> msg=audit(1343733741.446:154): arch=c000003e syscall=2 success=no exit=-13
> a0=7f740329e7d0 a1=800 a2=1 a3=24 items=0 ppid=946 pid=1291 auid=4294967295
> uid=0 gid=0 euid=1001 suid=0 fsuid=1001 egid=513 sgid=0 fsgid=513
> tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd"
> subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) type=AVC
> msg=audit(1343733741.446:154): avc:  denied  { read } for  pid=1291
> comm="sshd" name="authorized_keys" dev=xvdb ino=3368578
> scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:home_root_t:s0 tclass=file
> 
> authorized_keys file didn't even exist for root user, it is not allowed to
> login remotely. Silenced it down by creating empty authorized_keys file
> with ssh_home_t context.
> 
> Cheers, Vadym
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 

More like a labeling problem.

restorecon -R -v /home

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAadmIACgkQrlYvE4MpobN2QQCdGBwDd/CdFIwTLll8gpj45iY5
ynsAoMvxQtMaWHI8Hz4gbU1wk/ZtbClg
=PurL
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux