Re: [Non-DoD Source] An selinux issue

Stephen Smalley wrote:
> On 03/07/2018 03:18 PM, m.roth@xxxxxxxxx wrote:
>> CentOS 7.4
>>
>> From sealert:
>> SELinux is preventing /usr/sbin/sshd from read access on the file
>> /etc/ssh/moduli.
>>
>> *****  Plugin restorecon (94.8 confidence) suggests
>> ************************
>>
>> If you want to fix the label.
>> /etc/ssh/moduli default label should be etc_t.
>> Then you can run restorecon.
>> Do
>> # /sbin/restorecon -v /etc/ssh/moduli
>> <...>
>> Additional Information:
>> Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
>> Target Context                system_u:object_r:unlabeled_t:s0
>> Target Objects                /etc/ssh/moduli [ file ]
>> Source                        sshd
>> Source Path                   /usr/sbin/sshd
>> ---------
>>
>> Except:
>> ls -laFZ /etc/ssh/moduli
>> -rw-r--r--. root root system:object_r:etc_t:s0         /etc/ssh/moduli
>
> NB: You have "system" rather than "system_u" above, unless that's a typo.
> Which would be an invalid user identity, and thus an invalid security
> context, and therefore mapped to the unlabeled context at runtime.
>
> Is it wrong in your file_contexts configuration?
> If not, then restorecon -F -v /etc/ssh/moduli should fix (by default,
> restorecon doesn't touch user identity since it reflects creator and can
> vary).
>

Thank you, Stephen. As I see it was happening at least once every half
hour, and it hasn't happened since I fixed that, it looks like that was
the answer.

     mark
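
The check implied by the reply above, as an added example that is not part of the original thread: it flags files whose label carries a user identity the policy does not define, which is the condition that made /etc/ssh/moduli appear as unlabeled_t. The function names and the user list are assumptions made for illustration; the sample listing is constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find labels whose SELinux user field is
# not a user defined in policy. Such a context is invalid and is treated as
# unlabeled at runtime, even though the stored label still shows etc_t.

# Constructed sample list of policy users. On a real host, build it from the
# loaded policy instead, e.g. from `seinfo -u` or `semanage user -l`.
VALID_USERS="system_u unconfined_u user_u staff_u sysadm_u guest_u xguest_u root"

# context_user CONTEXT: print the user identity (first colon-separated field).
context_user() {
    printf '%s\n' "${1%%:*}"
}

# check_context CONTEXT: return 0 if the context has at least user:role:type
# and its user is in VALID_USERS, 1 otherwise.
check_context() {
    ctx=$1
    case $ctx in
        *:*:*) ;;
        *) return 1 ;;
    esac
    user=$(context_user "$ctx")
    for u in $VALID_USERS; do
        [ "$u" = "$user" ] && return 0
    done
    return 1
}

# scan_listing: read "path context" lines on stdin (for example produced by
# `stat -c '%n %C' FILE...`; paths containing spaces are not handled) and
# print each path whose context fails check_context.
scan_listing() {
    while read -r path ctx; do
        [ -n "$path" ] || continue
        check_context "$ctx" || printf '%s\t%s\n' "$path" "$ctx"
    done
}

# Constructed sample: the mislabeled file from the thread plus a correct one.
sample_listing() {
cat <<'EOF'
/etc/ssh/moduli system:object_r:etc_t:s0
/etc/ssh/sshd_config system_u:object_r:etc_t:s0
EOF
}

sample_listing | scan_listing
```

Files reported by this check are candidates for `restorecon -F -v`, since plain `restorecon` leaves the user identity untouched.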