Bug 1812901

Summary: module policies not allowing cockpit and ssh to execute
Product: [Fedora] Fedora
Reporter: Iker Pedrosa <ipedrosa>
Component: selinux-policy
Assignee: Zdenek Pytela <zpytela>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 32
CC: dwalsh, grepl.miroslav, lvrabec, plautrba, vmojzis, zpytela
Last Closed: 2020-03-12 19:58:20 UTC
Type: Bug
Attachments: sealert_output (flags: none)

Description Iker Pedrosa 2020-03-12 13:24:11 UTC
Created attachment 1669654
sealert_output

Description of problem:
After installing the latest pam module (still in bodhi), cockpit and ssh are not able to execute because there isn't any module policy allowing them to do so regarding netlink_selinux_socket. This update of pam enables checking the default policy for unknown classes.

The problem has been found in Fedora 32 (https://bodhi.fedoraproject.org/updates/FEDORA-2020-d0986e01cd) but it also applies to 31 (https://bodhi.fedoraproject.org/updates/FEDORA-2020-8c23cecdce) and it may apply to rawhide.

As a final point, I would like to point out that the information given in this bugzilla refers to how to reproduce the problem with ssh in Fedora 31, but it also applies to cockpit and Fedora 32 and rawhide.


Version-Release number of selected component (if applicable):
selinux-policy-3.14.4-49.fc31
pam-1.3.1-22.fc31


How reproducible:
Try to open a new session in ssh after installing new version of pam.


Steps to Reproduce:
1. Install new version of pam.
2. Try to open an ssh session.

Actual results:
Ssh session is not opened.


Expected results:
Ssh session should be opened.


Additional info:
Check sealert_output attachment.

Comment 1 Petr Lautrbach 2020-03-12 19:58:20 UTC

*** This bug has been marked as a duplicate of bug 1813023 ***