Re: [refpolicy] ssh issue with latest policy


 



On Fri, Sep 12, 2008 at 3:25 AM, Václav Ovsík <vaclav.ovsik@xxxx> wrote:
> On Thu, Sep 11, 2008 at 02:01:08PM -0700, Justin Mattock wrote:
>>...
>> apologize for the latency with getting back to you;
>> you might have the ssh version from sid, if so
>> do /etc/init.d/ssh stop and start if you notice [fail] then that's the issue,
>> especially if people are booting up and not even manually starting the daemon.
>> As for the policy and ssh I'm in the process of
>> having two machines in full enforcing mode, having the ability
>> to do a ssh transaction (need to configure some things); As well
>> as vncviewer, and shoutcast; all with ipsec. (AH and ESP)
>> right now I've been able to run all three applications on the machine
>> that is in full enforcement, but it seems I'm having issues with ipsec
>> and shoutcast.
>> on the server side.
>> I'll get back to you on this.
>>
>> --
>> Justin P. Mattock
>
> I just reported the bug in sshd
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498684
> This is upstream OpenSSH problem too.
>
> On Fri, Sep 12, 2008 at 10:09:32AM +0200, David Härdeman wrote:
>> On Thu, September 11, 2008 14:50, Václav Ovsík wrote:
>> > Conclusion: Running SE Linux in permissive mode can't prevent you from
>> > all SE Linux problems every time! (in most cases yes of course :)
>>
>> Another example of that is that dbus seems to do SELinux permission checks
>> even after permissive mode is enabled.
>>
>> --
>> David Härdeman
>
> It should be reported if it is true, IMO.
>
> Regards
> --
> Zito
>

Cool; I ended up downgrading to
a random pick of ssh_4.3p2-9etch2_all.deb
works good from here.
Just make sure you start in sysadm_r
role or you won't be able to do much to the other system while in enforcement
mode. (Made the mistake of using ssh in user_r role.)
regards;


-- 
Justin P. Mattock


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
