On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
We have an selinux user specialuser_u defined. The outputs of the semanage command are as seen below semanager user –l admin_u user s0 SystemLow-SystemHigh system_r sysadm_r guest_u guest s0 s0 guest_r remotesupport_u user s0 SystemLow-SystemHigh system_r sysadm_r root sysadm s0 SystemLow-SystemHigh system_r sysadm_r specialuser_u user s0 s0 system_r sysadm_r staff_u staff s0 SystemLow-SystemHigh sysadm_r staff_r sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r system_u user s0 SystemLow-SystemHigh system_r Now, we see the following in our log files pam_selinux(sshd:session): Error! Unable to set executable context €‡\ ialuser_u:sysadm_r:sysadm_t. … … … pam_selinux(sshd:session): Error! Unable to set executable context €×ª_ialuser_u:sysadm_r:sysadm_t:s0. … … … pam_selinux(sshd:session): Error! Unable to set executable context €gb ialuser_u:sysadm_r:sysadm_t. … … … pam_selinux(sshd:session): Error! Unable to set executable context € ³_ialuser_u:sysadm_r:sysadm_t:s0. /etc/pam.d/sshd looks as follows #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_loginuid.so session optional pam_keyinit.so force revoke session required pam_selinux.so Could anyone help us with why we are seeing these error messages and why the specialuser_u is corrupted with control chars?
Sounds like a memory corruption bug in pam_selinux. Bugzilla? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
