Re: Defining SELinux users, "Unable to get valid context...". Help!

On Sun, Feb 14, 2021 at 2:32 AM Dominick Grift
<dominick.grift@xxxxxxxxxxx> wrote:
> Peter Whittaker <peterwhittaker@xxxxxxxxxxxxxxxxxxx> writes:
>
> > Yes, I may need it, but at this point I want to understand why one
> > works and the other doesn't.
>
> I know that the openssh-server in red-hat based distributions has custom
> selinux patches.

Well. Just fixed it by accident. The relevant line of /etc/pam.d/sshd was

    session    required     pam_selinux.so open env_params

In an attempt to debug the problem, I changed this to

    session    required     pam_selinux.so open select_context

PAM did not ask me for a context, but did set the context correctly.

    session    required     pam_selinux.so open

also worked fine.

I need to do some research on this. The env_params option was a system
default; I dislike changing system defaults unless I understand why.

Now to figure why the auditor's context is failing to be set.

P

Peter Whittaker
Director, Business Development
www.SphyrnaSecurity.com
+1 613 864 5337


