On Sun, Feb 14, 2021 at 2:32 AM Dominick Grift <dominick.grift@xxxxxxxxxxx> wrote: > Peter Whittaker <peterwhittaker@xxxxxxxxxxxxxxxxxxx> writes: > > > Yes, I may need it, but at this point I want to understand why one > > works and the other doesn't. > > I know that the openssh-server in red-hat based distributions has custom > selinux patches. Well. Just fixed it by accident. The relevant line of /etc/pam.d/sshd was session required pam_selinux.so open env_params In an attempt to debug the problem, I changed this to session required pam_selinux.so open select_context PAM did not ask me for a context, but did set the context correctly. session required pam_selinux.so open also worked fine. I need to do some research on this. The env_params option was a system default, I dislike changing system defaults unless I understand why. Now to figure why the auditor's context is failing to be set. P Peter Whittaker Director, Business Development www.SphyrnaSecurity.com +1 613 864 5337