Bug 172409

Summary: Can't kill (another) session of the same user
Product: [Fedora] Fedora Reporter: Robert Scheck <redhat-bugzilla>
Component: util-linuxAssignee: Karel Zak <kzak>
Status: CLOSED NOTABUG QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-08-21 14:32:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Scheck 2005-11-04 00:16:11 UTC 
Description of problem:
For example, open up two sessions using ssh with the same user:

> who -H -u -w
NAME       LINE         TIME         IDLE          PID COMMENT
robert   + pts/4        Nov  3 12:41   .         11181 (nicehost)
robert   + pts/5        Nov  3 12:41   .         11222 (nicehost)
>

> echo $SSH_TTY
/dev/pts/4
> 

> kill -9 11222
-bash: kill: (11222) - Die Operation ist nicht erlaubt
>

Oh, and what I noticed later:

>
kill -9 11181
-bash: kill: (11181) - Die Operation ist nicht erlaubt
>

"Die Operation ist nicht erlaubt" means something like, that I'm not allowed to 
do this.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.2-11
selinux-policy-targeted-1.27.2-12

How reproducible:
Everytime, see above.

Actual results:
Can't kill another session of the same user. Can't also kill my own session.

Expected results:
What isn't possible, currently and described.

Additional info:
I'm assigning this bug report against the policy because, as far as I can 
remember, this worked without enabled MCS/MLS.
Comment 1 Daniel Walsh 2005-11-04 12:41:34 UTC 
I don't believe this is an SELinux bug.

Did you see any AVC Messages?

You could prove it is not selinux by setenforce 0
and then try it,  if you still can not kill the process, it is not SELinux.
Comment 2 Robert Scheck 2005-11-04 12:45:09 UTC 
Okay, you're right - sorry for bothering. And to which component have I to 
reassign this now?
Comment 3 Daniel Walsh 2005-11-04 14:28:20 UTC 
Well first try util-linux.  (It contains the kill command.)
Comment 4 Robert Scheck 2006-05-31 21:07:46 UTC 
Ping?
Comment 5 Karel Zak 2006-08-21 14:32:17 UTC 
Please, check the PID by "ps aux | grep <PID>". I think you're sending the
signal to ssh process which has root permissions...

$ who -H -u -w
NAME       LINE         TIME         IDLE          PID COMMENT
kzak     + pts/5        Aug 21 16:29 00:01       27190 (petra)

$ ps aux | grep 27190
root     27190  0.0  0.4   7788  2508 ?        Ss   16:29   0:00 sshd: kzak [priv]