On 10/16/2009 08:15 PM, Larry Ross wrote: > I have created a custom selinux user for the strict policy on RHEL5.3 who's > purpose is to connect via ssh and scp files off the machine. When that user > tries to login via ssh, I see the following messages in /var/log/secure: > > In enforcing: > Oct 16 07:49:40 localhost sshd[20461]: Accepted password for scpuser > from 192.168.1.1 port 64680 ssh2 > Oct 16 07:49:40 localhost sshd[20461]: error: Failed to get default security > context for scpuser. > Oct 16 07:49:40 localhost sshd[20461]: fatal: SELinux failure. Aborting > connection. > > In permissive: > Oct 16 07:55:59 localhost sshd[23302]: Accepted password for scpuser from > 192.168.1.1 port 56254 ssh2 > Oct 16 07:55:59 localhost sshd[23302]: error: Failed to get default security > context for scpuser. > Oct 16 07:55:59 localhost sshd[23302]: error: SELinux failure. Continuing in > permissive mode. > > Could someone explain what these messages mean? > > I believe that I have a default context defined in the "default context" > file that should work. I believe I have an executable context available for > this user (using rbash rather than bash). > > How is sshd making this decision? It looks like it is calling setexeccon, > but I'm not sure how that makes its decision. Where should I look for clues > as to how to fix it? > > Thank you, > Larry > Did you add an entry to default_types? -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
