| Summary: | SELinux is preventing /usr/sbin/sshd from write access on the file sshd.pid | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Germano Massullo <germano.massullo> |
| Component: | selinux-policy-targeted | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 22 | CC: | dwalsh |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-03-11 13:44:57 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |

Looks like you ran it manually and it created a pid file with the wrong label.

`restorecon -R -v /run/`

Will fix the label, and then sshd will work with SELinux again.

I manually stopped SSHd, then after some minutes I restarted SELinux and I got:

```
SELinux is preventing /usr/sbin/sshd from write access on the file sshd.pid.

*****  Plugin catchall (100. confidence) suggests   **************************

If si crede che sshd dovrebbe avere possibilità di accesso write sui sshd.pid file in modo predefinito.
Then si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Do
consentire questo accesso per il momento eseguendo:
# grep sshd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:var_run_t:s0
Target Objects                sshd.pid [ file ]
Source                        sshd
Source Path                   /usr/sbin/sshd
Port                          <Unknown>
Host
Source RPM Packages           openssh-server-7.1p2-4.fc23.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-158.9.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     machine
Platform                      Linux machine 4.4.3-300.fc23.x86_64 #1 SMP Fri Feb 26 18:45:40 UTC 2016 x86_64 x86_64
Alert Count                   1
First Seen                    2016-03-11 12:31:31 CET
Last Seen                     2016-03-11 12:31:31 CET
Local ID                      dc8da542-2c78-4b6c-b502-156c92b8e2a1

Raw Audit Messages
type=AVC msg=audit(1457695891.944:534): avc: denied { write } for pid=7975 comm="sshd" name="sshd.pid" dev="tmpfs" ino=84613 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1457695891.944:534): arch=x86_64 syscall=open success=no exit=EACCES a0=5601504e2550 a1=241 a2=1b6 a3=240 items=0 ppid=7971 pid=7975 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

Hash: sshd,sshd_t,var_run_t,file,write
```
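
The target context in the AVC record above carries `var_run_t`, the type of the `/run` directory itself, which is the mislabel that the `restorecon` reply addresses. As an added example (not part of the bug report or of any SELinux tool), this shell sketch parses an AVC record and flags that case before anyone reaches for `audit2allow`; the function names and the list of generic types are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: triage an AVC denial as "mislabeled target" vs "policy question".

# Sample input: the AVC record quoted in the report above.
SAMPLE_AVC='type=AVC msg=audit(1457695891.944:534): avc: denied { write } for pid=7975 comm="sshd" name="sshd.pid" dev="tmpfs" ino=84613 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0'

# avc_field RECORD KEY -> value of the first KEY=... token, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# ctx_part CONTEXT N -> Nth colon-separated field (1=user, 2=role, 3=type).
ctx_part() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# triage_avc RECORD -> "relabel" or "review-policy".
# Assumption (heuristic, hypothetical list): a target whose type is a generic
# one inherited from its parent directory was created outside the confined
# service, so the fix is relabeling the file, not adding an allow rule.
triage_avc() {
    ttype=$(ctx_part "$(avc_field "$1" tcontext)" 3)
    case "$ttype" in
        var_run_t|tmp_t|var_t|default_t|unlabeled_t)
            echo relabel ;;
        *)
            echo review-policy ;;
    esac
}

# Stand-alone run: print the verdict and the suggested next step.
name=$(avc_field "$SAMPLE_AVC" name)
tctx=$(avc_field "$SAMPLE_AVC" tcontext)
if [ "$(triage_avc "$SAMPLE_AVC")" = relabel ]; then
    echo "$name: target label $tctx looks inherited from its directory"
    echo "next step: restorecon -R -v /run/ (relabel), not audit2allow"
else
    echo "$name: label $tctx is specific; review policy before a local module"
fi
```

The SELinux user in the target context (`unconfined_u`) is a second hint that the file was created from an interactive session rather than by the service.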