Peter Whittaker <peterwhittaker@xxxxxxxxxxxxxxxxxxx> writes:

> On Sun, Feb 14, 2021 at 2:32 AM Dominick Grift
> <dominick.grift@xxxxxxxxxxx> wrote:
>> Peter Whittaker <peterwhittaker@xxxxxxxxxxxxxxxxxxx> writes:
>>
>> > Yes, I may need it, but at this point I want to understand why one
>> > works and the other doesn't.
>>
>> I know that the openssh-server in red-hat based distributions has custom
>> selinux patches.
>
> Well. Just fixed it by accident. The relevant line of /etc/pam.d/sshd was
>
> session required pam_selinux.so open env_params
>
> In an attempt to debug the problem, I changed this to
>
> session required pam_selinux.so open select_context
>
> PAM did not ask me for a context, but did set the context correctly.
>
> session required pam_selinux.so open
>
> also worked fine.

oh right! ... yes corner case... to make it work with env_params you need:

allow xferHigh2Local_t self:context contains;

Sorry for overlooking that

>
> I need to do some research on this. The env_params option was a system
> default, I dislike changing system defaults unless I understand why.
>
> Now to figure why the auditor's context is failing to be set.
>
> P
>
> Peter Whittaker
> Director, Business Development
> www.SphyrnaSecurity.com
> +1 613 864 5337

--
gpg --locate-keys dominick.grift@xxxxxxxxxxx
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
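
An added example, not part of the original messages: a small Python check that parses pam.d syntax and lists every `pam_selinux.so open` session rule with its `env_params` and `select_context` flags, the options compared in the thread. The sample file content and the function names are constructed for illustration.

```python
import re

# Constructed sample in /etc/pam.d/sshd syntax; the three "open" lines
# mirror the variants quoted in the thread.
SAMPLE = """\
auth       required   pam_sepermit.so
session    required   pam_selinux.so close   # first session rule
session    required   pam_selinux.so open env_params
session    [success=ok default=bad] /lib64/security/pam_selinux.so open select_context
-session   required   pam_selinux.so \\
                      open
"""

# type, control (plain word or [value=action ...]), module path, arguments
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Yield (type, control, module, args) for each rule in a pam.d file."""
    text = text.replace("\\\n", " ")          # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = RULE.match(line)
        if m:
            ptype, control, module, args = m.groups()
            yield ptype.lstrip("-"), control, module, args.split()

def selinux_open_rules(text):
    """Return one dict per 'pam_selinux.so open' session rule."""
    found = []
    for ptype, control, module, args in parse_pam(text):
        if ptype != "session" or module.rsplit("/", 1)[-1] != "pam_selinux.so":
            continue
        if "open" not in args:
            continue
        found.append({
            "control": control,
            "env_params": "env_params" in args,
            "select_context": "select_context" in args,
        })
    return found

if __name__ == "__main__":
    for rule in selinux_open_rules(SAMPLE):
        print(rule)
```

Rules reported with `env_params` set are the ones for which the reply above gives the `context contains` rule.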