Bug 122523

Summary: restarts ssh but with incorrect security context
Product: [Fedora] Fedora Reporter: Tim Waugh <twaugh>
Component: glibcAssignee: Jakub Jelinek <jakub>
Status: CLOSED CURRENTRELEASE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: drepper, dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-09-30 18:20:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tim Waugh 2004-05-05 14:13:25 UTC 
Description of problem:
Upgrading glibc on an enforcing-mode SELinux machine renders it
incapable of accepting remote ssh logins until ssh is restarted by hand.

Version-Release number of selected component (if applicable):
openssh-3.6.1p2-34
glibc-2.3.3-24
policy-1.11.2-21

How reproducible:
100%

Steps to Reproduce:
1. Run SELinux enforcing mode.
2. Log in via ssh -- it works
3. Upgrade glibc (ssh is restarted in %post)
4. Try to log in via ssh - the log in is refused

This is because sshd is running in rpm_t context, due to being
restarted in an rpm scriptlet.
Comment 1 Ulrich Drepper 2004-09-30 11:11:33 UTC 
I thing I updated my system today without explicitly restarting ssh
(i.e., the glibc spec file did).  Login still works.  Can somebody
confirm this is still a problem?  If yes, will we need to use the new
su-replacement?
Comment 2 Tim Waugh 2004-09-30 11:12:40 UTC 
Not sure; I'm not using SELinux at the moment I'm afraid.
Comment 3 Daniel Walsh 2004-09-30 13:45:44 UTC 
This should not be a problem.  The 'su' replacement (Which it is not)
is only used for init startup scripts and cron jobs.  Basically any
place where you don't need the suid and pam stuff.

Dan
Comment 4 Daniel Walsh 2004-09-30 13:54:29 UTC 
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/
Comment 5 Ulrich Drepper 2004-09-30 16:35:09 UTC 
So you're saying the whole bug should not be an issue and can be
closed?  Was there something back in May which could have caused problems?


And: What is the reason for posting the URL?
Comment 6 Daniel Walsh 2004-09-30 18:20:41 UTC 
Yes rpm updates were doing a service restart which caused ssh to come
up in the wrong state.  

Oops, I pasted the html in the wrong page.  Got to stop reading two
bugzillas at once.