Hi Stephen,
Yes, I am using open env_params for it. But for this, my sftp is not working and I am getting the below error message:
Dec 13 13:00:00 aman authpriv 3 sshd: pam_selinux(sshd:session): Unable to get valid context for sftpuser
Dec 13 13:00:00 aman authpriv 6 sshd: pam_unix(sshd:session): session opened for user sftpuser by (uid=0)
Please let me know if you have any idea on this.

On Wed, Dec 13, 2017 at 8:54 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Tue, 2017-12-12 at 23:47 -0500, Aman Sharma wrote:
> Hi All,
>
> just wanted to know the meaning of line session required
> pam_selinux.so open env_params added in /etc/pam.d/sshd file.
> Actually I am facing one issue related to this. When I changed this
> env_params to restore then my Sftp is not working.
>
> Can anybody please guide me on this.
man pam_selinux describes the options and what they mean.
Why did you change it to restore? Per the man page, restore is to
temporarily restore the contexts and would be a separate entry in the
PAM stack before the module that needs the original contexts, followed
by a pam_selinux.so open env_params after that module to set them up
again. But don't use restore unless you actually need it for some
reason.
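
An added example, not part of the thread: a small check for the ordering described in the reply above, where a `pam_selinux.so restore` entry in the session stack has to be followed later by a `pam_selinux.so open` entry. The two sample stacks are constructed, and `pam_example.so` is a hypothetical stand-in for a module that needs the original contexts.

```python
import re

# Matches a PAM "session" line: type, control (plain or [bracketed]), module, options.
SESSION = re.compile(r"^-?session\s+(?:\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample stacks (not from the thread); pam_example.so is a
# hypothetical stand-in for a module that needs the original contexts.
BROKEN = """\
#%PAM-1.0
auth       include      password-auth
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    required     pam_selinux.so restore
session    include      password-auth
"""
GOOD = """\
#%PAM-1.0
session    required     pam_selinux.so close
session    required     pam_selinux.so restore
session    optional     pam_example.so
session    required     pam_selinux.so open env_params
"""

def selinux_entries(text):
    """Return [(line_number, options)] for each session pam_selinux.so entry."""
    found = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = SESSION.match(raw.split("#", 1)[0].strip())
        if m and m.group(1).endswith("pam_selinux.so"):
            found.append((n, m.group(2).split()))
    return found

def check(text):
    """Flag every 'restore' entry that has no later 'open' entry."""
    entries = selinux_entries(text)
    findings = []
    for i, (n, opts) in enumerate(entries):
        later_open = any("open" in o for _, o in entries[i + 1:])
        if "restore" in opts and not later_open:
            findings.append((n, "restore is not followed by 'pam_selinux.so open'"))
    return findings

if __name__ == "__main__":
    for name, stack in (("BROKEN", BROKEN), ("GOOD", GOOD)):
        print(name, check(stack) or "ok")
```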