What can we do to rectify this now? Any workarounds? -----Original Message----- From: selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Stephen Smalley Sent: Thursday, October 18, 2012 12:30 PM To: selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: pam_selinux(sshd:session): Error! Unable to set executable context On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote: > We have an selinux user specialuser_u defined. The outputs of the > semanage command are as seen below > > semanager user –l > > admin_u user s0 SystemLow-SystemHigh > system_r sysadm_r > > guest_u guest s0 s0 guest_r > > remotesupport_u user s0 SystemLow-SystemHigh > system_r sysadm_r > > root sysadm s0 SystemLow-SystemHigh > system_r sysadm_r > > specialuser_u user s0 s0 > system_r sysadm_r > > staff_u staff s0 SystemLow-SystemHigh > sysadm_r staff_r > > sysadm_u sysadm s0 SystemLow-SystemHigh > sysadm_r > > system_u user s0 SystemLow-SystemHigh > system_r > > Now, we see the following in our log files > > pam_selinux(sshd:session): Error! Unable to set executable context > €‡\ ialuser_u:sysadm_r:sysadm_t. > > … > > … > > … > > pam_selinux(sshd:session): Error! Unable to set executable context > €×ª_ialuser_u:sysadm_r:sysadm_t:s0. > > … > > … > > … > > pam_selinux(sshd:session): Error! Unable to set executable context > €gb ialuser_u:sysadm_r:sysadm_t. > > … > > … > > … > > pam_selinux(sshd:session): Error! Unable to set executable context € > ³_ialuser_u:sysadm_r:sysadm_t:s0. > > /etc/pam.d/sshd looks as follows > > #%PAM-1.0 > > auth required pam_stack.so service=system-auth > > account required pam_nologin.so > > account required pam_stack.so service=system-auth > > password required pam_stack.so service=system-auth > > session required pam_stack.so service=system-auth > > session required pam_loginuid.so > > session optional pam_keyinit.so force revoke > > session required pam_selinux.so > > Could anyone help us with why we are seeing these error messages and why > the specialuser_u is corrupted with control chars? Sounds like a memory corruption bug in pam_selinux. Bugzilla? -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
