RE: pam_selinux(sshd:session): Error! Unable to set executable context

"Radha Venkatesh (radvenka)" <radvenka@xxxxxxxxx> · Fri, 19 Oct 2012 16:12:01 +0000

Any suggestions on how this issue can be overcome?

Thanks,
Radha.

-----Original Message-----
From: Radha Venkatesh (radvenka) 
Sent: Thursday, October 18, 2012 1:37 PM
To: 'Stephen Smalley'; selinux@xxxxxxxxxxxxxxxxxxxxxxx
Subject: RE: pam_selinux(sshd:session): Error! Unable to set executable context

What can we do to rectify this now? Any workarounds?

-----Original Message-----
From: selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Stephen Smalley
Sent: Thursday, October 18, 2012 12:30 PM
To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: pam_selinux(sshd:session): Error! Unable to set executable context

On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote:
> We have an selinux user specialuser_u defined. The outputs of the
> semanage command are as seen below
>
> semanager user –l
>
> admin_u         user       s0         SystemLow-SystemHigh
> system_r sysadm_r
>
> guest_u         guest      s0         s0                             guest_r
>
> remotesupport_u user       s0         SystemLow-SystemHigh
> system_r sysadm_r
>
> root            sysadm     s0         SystemLow-SystemHigh
> system_r sysadm_r
>
> specialuser_u   user       s0         s0
> system_r sysadm_r
>
> staff_u         staff      s0         SystemLow-SystemHigh
> sysadm_r staff_r
>
> sysadm_u        sysadm     s0         SystemLow-SystemHigh
> sysadm_r
>
> system_u        user       s0         SystemLow-SystemHigh
> system_r
>
> Now, we see the following in our log files
>
> pam_selinux(sshd:session): Error!  Unable to set executable context
> €‡\     ialuser_u:sysadm_r:sysadm_t.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error!  Unable to set executable context
> €×ª_ialuser_u:sysadm_r:sysadm_t:s0.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error!  Unable to set executable context
> €gb     ialuser_u:sysadm_r:sysadm_t.
>
> …
>
> …
>
> …
>
> pam_selinux(sshd:session): Error!  Unable to set executable context €
> ³_ialuser_u:sysadm_r:sysadm_t:s0.
>
> /etc/pam.d/sshd looks as follows
>
> #%PAM-1.0
>
> auth       required     pam_stack.so service=system-auth
>
> account    required     pam_nologin.so
>
> account    required     pam_stack.so service=system-auth
>
> password   required     pam_stack.so service=system-auth
>
> session    required     pam_stack.so service=system-auth
>
> session    required     pam_loginuid.so
>
> session    optional     pam_keyinit.so force revoke
>
> session    required     pam_selinux.so
>
> Could anyone help us with why we are seeing these error messages and why
> the specialuser_u is corrupted with control chars?

Sounds like a memory corruption bug in pam_selinux.  Bugzilla?

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux