On Wednesday, March 7, 2018 2:26:14 PM AKST m.roth@xxxxxxxxx wrote:
> Stephen Smalley wrote:
>
> > On 03/07/2018 03:18 PM, m.roth@xxxxxxxxx wrote:
> >
> >> CentUS 7.4
> >> ...
> >> From sealert:
> >> SELinux is preventing /usr/sbin/sshd from read access on the file
> >> /etc/ssh/moduli.
> >> Except:
> >> ls -laFZ /etc/ssh/moduli
> >> -rw-r--r--. root root system:object_r:etc_t:s0 /etc/ssh/moduli
> >
> > ...
> > NB: You have "system" rather than "system_u" above, unless that's a typo.
> > Which would be an invalid user identity, and thus an invalid security
> > context, and therefore mapped to the unlabeled context at runtime.

CentUS or CentOS? "system" or "system_u"? Am I to be amused? This is frustrating.

This sort of thing is typical of a hacked system, and for us ordinary users, there is no sane SELinux policy development taking place. A lot of these security labels can easily, freely, and arbitrarily be changed by ordinary users with the "chcon" command, there is a lot of covert resistance to locking things down any further or fixing persistent security problems, and SELinux has never really moved beyond the philosophy of

# touch /.autorelabel && reboot

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx