Bug 1583089
Summary: | SELinux is preventing /usr/bin/ssh-keygen from map access on the file /usr/bin/ssh-keygen | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Lukas Slebodnik <lslebodn> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.6 | CC: | lvrabec, mgrepl, mmalik, plautrba, ssekidde |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-3.13.1-202.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-10-30 10:04:31 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lukas Slebodnik
2018-05-28 08:19:50 UTC
Following SELinux denial appeared in enforcing mode: ---- type=PROCTITLE msg=audit(06/05/2018 16:32:37.910:466) : proctitle=(null) type=PATH msg=audit(06/05/2018 16:32:37.910:466) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=418713 dev=fd:00 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 objtype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=PATH msg=audit(06/05/2018 16:32:37.910:466) : item=0 name=/usr/bin/ssh-keygen inode=12821437 dev=fd:00 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ssh_keygen_exec_t:s0 objtype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0 type=CWD msg=audit(06/05/2018 16:32:37.910:466) : cwd=/ type=SYSCALL msg=audit(06/05/2018 16:32:37.910:466) : arch=x86_64 syscall=execve success=no exit=EACCES(Permission denied) a0=0x21e7ff0 a1=0x21e7a60 a2=0x21e1c60 a3=0x7ffcb331af20 items=2 ppid=26139 pid=26145 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=ssh-keygen exe=/usr/bin/ssh-keygen subj=system_u:system_r:sshd_keygen_t:s0 key=(null) type=AVC msg=audit(06/05/2018 16:32:37.910:466) : avc: denied { map } for pid=26145 comm=ssh-keygen path=/usr/bin/ssh-keygen dev="dm-0" ino=12821437 scontext=system_u:system_r:sshd_keygen_t:s0 tcontext=system_u:object_r:ssh_keygen_exec_t:s0 tclass=file permissive=0 ---- Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3111 |