Daniel J Walsh wrote:
> On 01/08/2013 01:57 PM, m.roth@xxxxxxxxx wrote:
>> Is this a bug? It's certainly a real inconsistancy, IMO.
>>
>> I just built a user's workstation, new, as fc-17.
>>
>> ll -Z /usr/sbin/sshd -rwxr-xr-x. root root
>> system_u:object_r:sshd_exec_t:s0
>> /usr/sbin/sshd*
>>
>> ll -Z /etc/ssh/ drwxr-xr-x. root root system_u:object_r:etc_t:s0
>> ./
>> drwxr-xr-x. root root system_u:object_r:etc_t:s0 ../ -rw-------.
>> root
>> root system_u:object_r:etc_t:s0 moduli -rw-r--r--. root root
>> system_u:system_u:etc_t:s0 ssh_config -rw-------. root root
>> system_u:system_u:etc_t:s0 sshd_config -rw-------. root root
>> system_u:system_u:etc_t:s0 sshd_config.rpmnew -rw-------. root
>> root
>> system_u:system_u:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root
>> system_u:system_u:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root
>> root
>> system_u:system_u:sshd_key_t:s0 ssh_host_key -rw-r--r--. root root
>> system_u:system_u:sshd_key_t:s0 ssh_host_key.pub -rw-------. root root
>> system_u:system_u:sshd_key_t:s0 ssh_host_rsa_key -rw-r--r--. root root
>> system_u:system_u:sshd_key_t:s0 ssh_host_rsa_key.pub -rw-r--r--. root
>> root
>> system_u:system_u:etc_t:s0 ssh_known_hosts
>>
>> sealert tells me that the ssh_host_*_key should be etc_t, not, as I set
>> it, sshd_key_t.
>>
> What does matchpathcon /etc/ssh/ssh_host*
>
> Say?
<snip>
matchpathcon /etc/ssh/ssh_host*
/etc/ssh/ssh_host_dsa_key system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_dsa_key.pub system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_key system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_key.pub system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_rsa_key system_u:object_r:sshd_key_t:s0
/etc/ssh/ssh_host_rsa_key.pub system_u:object_r:sshd_key_t:s0
mark
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
