Bug 358761
Summary: | SELinux is preventing /usr/sbin/sshd (sshd_t) "read" to <Unknown> (var_lib_t). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Duncan Innes <duncan> |
Component: | selinux-policy | Assignee: | Josef Kubin <jkubin> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 8 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Current | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-03-05 22:17:13 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Duncan Innes
2007-10-30 18:29:19 UTC
I changed the booleans for SSH under SELinux Administration * Allow ssh logins as sysadm_r:sysadm_t * Allow ssh to run ssh-keysign and now get an extra error: SELinux is preventing /usr/sbin/sshd (sshd_t) "getattr" to /var/lib/nxserver/home/.ssh/authorized_keys (var_lib_t). This is when making an NXClient connection to the machine or ssh'ing to the machine as the nx user (I think - I've only managed to replicate this part twice now). When I say I changed the booleans in SELinux Administration - they didn't have a tick in the box and I selected them so they both have ticks in the box. The easiest solution is just to modify the policy grep ssh /var/log/audit/audit.log | audit2allow -M myssh semodule -i myssh.pp Should fix A bettter long term solution would be to get a policy for freenix. in updated fixed as of selinux-policy-3.0.8-77 feel free to use my packages, until they will be publicly available http://people.redhat.com/jkubin/selinux/F8/ Bugs have been in modified for over one month. Closing as fixed in current release please reopen if the problem still persists. |