-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/19/2012 12:12 PM, Radha Venkatesh (radvenka) wrote: > Any suggestions on how this issue can be overcome? > > Thanks, Radha. > > -----Original Message----- From: Radha Venkatesh (radvenka) Sent: Thursday, > October 18, 2012 1:37 PM To: 'Stephen Smalley'; > selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: RE: pam_selinux(sshd:session): > Error! Unable to set executable context > > What can we do to rectify this now? Any workarounds? > > -----Original Message----- From: selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx > [mailto:selinux-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Stephen > Smalley Sent: Thursday, October 18, 2012 12:30 PM To: > selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: pam_selinux(sshd:session): > Error! Unable to set executable context > > On 10/18/2012 12:59 PM, Radha Venkatesh (radvenka) wrote: >> We have an selinux user specialuser_u defined. The outputs of the >> semanage command are as seen below >> >> semanager user –l >> >> admin_u user s0 SystemLow-SystemHigh system_r >> sysadm_r >> >> guest_u guest s0 s0 >> guest_r >> >> remotesupport_u user s0 SystemLow-SystemHigh system_r >> sysadm_r >> >> root sysadm s0 SystemLow-SystemHigh system_r >> sysadm_r >> >> specialuser_u user s0 s0 system_r sysadm_r >> >> staff_u staff s0 SystemLow-SystemHigh sysadm_r >> staff_r >> >> sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r >> >> system_u user s0 SystemLow-SystemHigh system_r >> >> Now, we see the following in our log files >> >> pam_selinux(sshd:session): Error! Unable to set executable context €‡\ >> ialuser_u:sysadm_r:sysadm_t. >> >> … >> >> … >> >> … >> >> pam_selinux(sshd:session): Error! Unable to set executable context >> €×ª_ialuser_u:sysadm_r:sysadm_t:s0. >> >> … >> >> … >> >> … >> >> pam_selinux(sshd:session): Error! Unable to set executable context €gb >> ialuser_u:sysadm_r:sysadm_t. >> >> … >> >> … >> >> … >> >> pam_selinux(sshd:session): Error! Unable to set executable context € >> ³_ialuser_u:sysadm_r:sysadm_t:s0. >> >> /etc/pam.d/sshd looks as follows >> >> #%PAM-1.0 >> >> auth required pam_stack.so service=system-auth >> >> account required pam_nologin.so >> >> account required pam_stack.so service=system-auth >> >> password required pam_stack.so service=system-auth >> >> session required pam_stack.so service=system-auth >> >> session required pam_loginuid.so >> >> session optional pam_keyinit.so force revoke >> >> session required pam_selinux.so >> >> Could anyone help us with why we are seeing these error messages and why >> the specialuser_u is corrupted with control chars? > > Sounds like a memory corruption bug in pam_selinux. Bugzilla? > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing > list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > Radha, can you see if selinuxdefcon and selinuxconlist help you diagnose what is going on. (If they exists on on RHEL6?) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCBjDcACgkQrlYvE4MpobMtWACfYZ6pfkyQf5HZqxCWeH/G4+ly 9t8An3RPDS9B0Xdkb62hcfydNH6/4/le =ZavA -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
