On 01/08/2013 01:57 PM, m.roth@xxxxxxxxx wrote:
> Is this a bug? It's certainly a real inconsistency, IMO.
>
> I just built a user's workstation, new, as fc-17.
>
> ll -Z /usr/sbin/sshd
> -rwxr-xr-x. root root system_u:object_r:sshd_exec_t:s0 /usr/sbin/sshd*
>
> ll -Z /etc/ssh/
> drwxr-xr-x. root root system_u:object_r:etc_t:s0 ./
> drwxr-xr-x. root root system_u:object_r:etc_t:s0 ../
> -rw-------. root root system_u:object_r:etc_t:s0 moduli
> -rw-r--r--. root root system_u:system_u:etc_t:s0 ssh_config
> -rw-------. root root system_u:system_u:etc_t:s0 sshd_config
> -rw-------. root root system_u:system_u:etc_t:s0 sshd_config.rpmnew
> -rw-------. root root system_u:system_u:sshd_key_t:s0 ssh_host_dsa_key
> -rw-r--r--. root root system_u:system_u:sshd_key_t:s0 ssh_host_dsa_key.pub
> -rw-------. root root system_u:system_u:sshd_key_t:s0 ssh_host_key
> -rw-r--r--. root root system_u:system_u:sshd_key_t:s0 ssh_host_key.pub
> -rw-------. root root system_u:system_u:sshd_key_t:s0 ssh_host_rsa_key
> -rw-r--r--. root root system_u:system_u:sshd_key_t:s0 ssh_host_rsa_key.pub
> -rw-r--r--. root root system_u:system_u:etc_t:s0 ssh_known_hosts
>
> sealert tells me that the ssh_host_*_key should be etc_t, not, as I set it,
> sshd_key_t.
>
> mark
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>

What does

matchpathcon /etc/ssh/ssh_host*

say? I think we just changed the labeling of this directory to cover all ssh keys.

F18 policy has

grep /etc/ssh /etc/selinux/targeted/contexts/files/file_contexts
/etc/ssh/ssh_host_key.pub -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_dsa_key.pub -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_rsa_key.pub -- system_u:object_r:sshd_key_t:s0
/etc/ssh/primes -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_key -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_dsa_key -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_rsa_key -- system_u:object_r:sshd_key_t:s0
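
Added example, not part of the original message or of the SELinux tooling: a small offline Python check that compares on-disk labels with file_contexts entries, which is the comparison the matchpathcon question above is after. The entries are the F18 lines quoted in the reply; the on-disk labels are a constructed sample, and "last matching entry wins" is a simplifying assumption about lookup order.

```python
import re

# Entries copied from the F18 file_contexts output quoted in the message above.
FILE_CONTEXTS = """\
/etc/ssh/ssh_host_key.pub -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_dsa_key.pub -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_rsa_key.pub -- system_u:object_r:sshd_key_t:s0
/etc/ssh/primes -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_key -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_dsa_key -- system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_rsa_key -- system_u:object_r:sshd_key_t:s0
"""

# Constructed sample of on-disk labels (path -> context), not from a real host.
ON_DISK = {
    "/etc/ssh/ssh_host_rsa_key": "system_u:object_r:etc_t:s0",
    "/etc/ssh/ssh_host_rsa_key.pub": "system_u:object_r:sshd_key_t:s0",
    "/etc/ssh/sshd_config": "system_u:object_r:etc_t:s0",
}


def parse_file_contexts(text):
    """Return (compiled_regex, file_type_or_None, context) for each entry."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) in (2, 3):  # regex [file-type] context
            ftype = fields[1] if len(fields) == 3 else None
            specs.append((re.compile(fields[0]), ftype, fields[-1]))
    return specs


def expected_context(path, specs, file_type="--"):
    """Assumption: the last matching entry wins; '--' means regular file."""
    for regex, ftype, context in reversed(specs):
        if ftype in (None, file_type) and regex.fullmatch(path):
            return context
    return None  # no entry in the parsed excerpt covers this path


def mislabeled(on_disk, specs):
    """List (path, actual_type, expected_type) where the type field differs."""
    out = []
    for path, actual in sorted(on_disk.items()):
        want = expected_context(path, specs)
        have_t = actual.split(":")[2]
        if want and want.split(":")[2] != have_t:
            out.append((path, have_t, want.split(":")[2]))
    return out
```

Paths with no entry in the parsed excerpt (sshd_config here) are skipped rather than reported, since a broader rule elsewhere in the policy would normally cover them.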