When trying to perform an sftp operation we encounter a failure even in permissive mode. The syslogs during the failure are as follows Mar 18 23:43:45 den-ccm-pub authpriv 3 sshd: pam_selinux(sshd:session): conversation failed Mar 18 23:43:45 den-ccm-pub authpriv 4 sshd: pam_selinux(sshd:session): No response to query: Would you like to enter a security context? [N] Mar 18 23:43:45 den-ccm-pub authpriv 3 sshd: pam_selinux(sshd:session): Unable to get valid context for sftpuser Mar 18 23:43:45 den-ccm-pub authpriv 6 sshd: pam_unix(sshd:session): session opened for user sftpuser by (uid=0) Mar 18 23:43:45 den-ccm-pub authpriv 6 sshd: User child is on pid 5853 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: mm_request_receive entering Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: PAM: establishing credentials Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: permanently_set_uid: 500/500 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: set_newkeys: mode 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: set_newkeys: mode 1 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: Entering interactive session for SSH2. Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: fd 4 setting O_NONBLOCK Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: fd 6 setting O_NONBLOCK Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: server_init_dispatch_20 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: input_session_request Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: channel 0: new [server-session] Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: session_new: allocate (allocated 0 max 10) Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: session_unused: session id 0 unused Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: session_new: session 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: session_open: channel 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: session_open: session 0: link with channel 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: server_input_channel_open: confirm session Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: server_input_global_request: rtype no-more-sessions@xxxxxxxxxxx want_reply 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: Wrote 52 bytes for a total of 2801 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: server_input_channel_req: channel 0 request env reply 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: session_by_channel: session 0 channel 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: session_input_channel_req: session 0 req env Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: Setting env 0: LANG=en_US.UTF-8 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: server_input_channel_req: channel 0 request subsystem reply 1 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: session_by_channel: session 0 channel 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: session_input_channel_req: session 0 req subsystem Mar 18 23:43:45 den-ccm-pub authpriv 6 sshd: subsystem request for sftp Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: subsystem: exec() internal-sftp Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: mm_audit_run_command entering command internal-sftp Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: mm_request_send entering: type 62 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: mm_request_receive_expect entering: type 63 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: monitor_read: checking request 62 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: mm_answer_audit_command entering Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: session_new: allocate (allocated 0 max 10) Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: session_unused: session id 0 unused Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug1: session_new: session 0 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: mm_request_send entering: type 63 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: mm_request_receive entering Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: mm_request_receive entering Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: fd 3 setting TCP_NODELAY Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: fd 9 setting O_NONBLOCK Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: fd 8 setting O_NONBLOCK Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: Copy environment: SELINUX_ROLE_REQUESTED= Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug2: fd 11 setting O_NONBLOCK Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: Copy environment: SELINUX_LEVEL_REQUESTED= Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: Copy environment: SELINUX_USE_CURRENT_RANGE= Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: channel 0: close_fds r -1 w -1 e -1 c -1 Mar 18 23:43:45 den-ccm-pub authpriv 7 sshd: debug3: Wrote 88 bytes for a total of 2889 Mar 18 23:43:45 den-ccm-pub authpriv 6 sshd: ssh_selinux_copy_context: setcon failed with Invalid argument Mar 18 23:43:45 den-ccm-pub authpriv 2 sshd: fatal: xfree: NULL pointer given as argument The OpenSSH version on the system is openssh-clients-5.3p1-70.el6.x86_64 openssh-5.3p1-70.el6.x86_64 openssh-server-5.3p1-70.el6.x86_64 Here are the semanange login and user details [root@den-ccm-sub1 remoteadmin]# semanage login -l Login Name SELinux User MLS/MCS Range __default__ unconfined_u s0-s0:c0.c1023 administrator admin_u s0-s0:c0.c1023 ccmservice specialuser_u s0 drfkeys specialuser_u s0 drfuser specialuser_u s0 informix specialuser_u s0 pwrecovery specialuser_u s0 remoteadmin remotesupport_u s0-s0:c0.c1023 root unconfined_u s0-s0:c0.c1023 sftpuser specialuser_u s0 system_u system_u s0-s0:c0.c1023 [root@den-ccm-sub1 remoteadmin]# semanage user -l Labeling MLS/ MLS/ SELinux User Prefix MCS Level MCS Range SELinux Roles admin_u user s0 s0-s0:c0.c1023 sysadm_r system_r git_shell_u user s0 s0 git_shell_r guest_u user s0 s0 guest_r remotesupport_u user s0 s0-s0:c0.c1023 sysadm_r system_r root user s0 s0-s0:c0.c1023 sysadm_r system_r specialuser_u user s0 s0 sysadm_r system_r staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r sysadm_u user s0 s0-s0:c0.c1023 sysadm_r system_u user s0 s0-s0:c0.c1023 system_r unconfined_r unconfined_u user s0 s0-s0:c0.c1023 system_r unconfined_r user_u user s0 s0 user_r xguest_u user s0 s0 xguest_r Here is the sshd process context system_u:system_r:sshd_t:s0-s0:c0.c1023 root 5012 1 0 Mar18 ? 00:00:00 /usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023 root 30383 1 0 Mar18 ? 00:00:00 sshd: remoteadmin [priv] system_u:system_r:sshd_t:s0-s0:c0.c1023 668 30448 30383 0 Mar18 ? 00:00:00 sshd: remoteadmin@pts/0 Is this a known issue? Thanks, Anamitra -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux