Bug 403761
| Summary: | Can't start sshd after f7 upgrade to f8 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Daniel Cestari <dcestari> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 8 | CC: | zing |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-01-30 19:19:50 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Daniel Cestari
2007-11-29 02:07:49 UTC
same:
# service sshd start
Starting sshd: ./sshd: line 111: /usr/sbin/sshd: Permission denied
[FAILED]
# rpm -q openssh-server
openssh-server-4.7p1-4.fc8
# rpm -q selinux-policy-targeted
selinux-policy-targeted-3.0.8-58.fc8
setenforce 0 will allow ssh to start. no avc messages (must be hidden or
something) btw.
Execute # semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u Logout and log back in. Then it should work. This should have happened on the install of the policy. That seams to solve the problem. Anyway, it should still be a bug since selinux-policy's f8 version didn't do it. Thanks! That seems to work here to. If the intent is to run this command on _upgrade_... in the postinstall scriptlet then you'd want to change: -if [ $1 = 1 ]; then +if [ $1 -ge 2 ]; then basically: 1. When the first version of a package is installed, its %pre and %post scripts will be passed an argument equal to 1. 2. When the last version of a package is erased, its %preun and %postun scripts will be passed an argument equal to 0. hope that clarifies what should happen and what should be fixed, because I'm unsure what really needs to happen in the selinux rpm scripts. Fixed in selinux-policy-3.0.8-63.fc8 i think you meant to put comment #5 in some other bug? this bug doesn't have anything to do with labeling of hpijs. Also tested selinux-policy-3.0.8-63.fc8 and it doesn't fix the problem. Daniel did you log out and log back in, and then try to restart sshd? In fact I have restarted the computer several times after the upgrade, and still doesn't let me start ssh unless I do "setenforce 0" first. Daniel. Login as root and execute # id -Z # semanage login -l Did you execute # semanage user -a -P unconfined -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u Here they are, # id -Z user_u:system_r:unconfined_t # semanage login -l Nombre de Ingreso Usuario SELinux Rango MLS/MCS __default__ user_u s0 root root SystemLow-SystemHigh And I did execute it, but the problem persisted after rebooting. # semanage login -m -s unconfined_u __default__ Should fix you to default to the unconfined_u user. Logout and log back in. And see if it works. Could you show me # semanage user -l OK that first command (after login out and in) let me start sshd properly. But I'm still getting the setkeycreate problem from bug #399031 . As for your request: # semanage user -l Etiquetado MLS/ MLS/ Usuario SELinux Prefijo Nivel MCS Rango MCS Roles SELinux root sysadm s0 SystemLow-SystemHigh system_r sysadm_r staff_r staff_u staff s0 SystemLow-SystemHigh sysadm_r staff_r sysadm_u sysadm s0 SystemLow-SystemHigh sysadm_r system_u user s0 SystemLow-SystemHigh system_r unconfined_u unconfined s0 SystemLow-SystemHigh system_r unconfined_r user_u user s0 s0 system_r user_r Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen. |