Bug 447943
| Field | Value |
|---|---|
| Summary | Detection of SELinux enforcing mode is broken in sshd |
| Product | [Fedora] Fedora |
| Component | openssh |
| Version | 9 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED CANTFIX |
| Severity | high |
| Priority | high |
| Reporter | Bryan O'Sullivan <bos> |
| Assignee | Tomas Mraz <tmraz> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Doc Type | Bug Fix |
| Last Closed | 2008-10-17 08:16:52 UTC |

Description
Bryan O'Sullivan
2008-05-22 15:31:04 UTC
It should not affect Fedora 9 because the SELinux support was mostly replaced a few Fedora releases ago. If you have some problems with SELinux and OpenSSH in Fedora 9, it is a different problem. Please provide debug logs from the server.

Created attachment 306395
output of sshd -Dde

Here's an example server log.

As you can see from the log, the actual failure is in the setresuid call - it seems that the uid 1000 exceeded the limit on the number of processes. Perhaps you have something wrong in /etc/security/limits.conf or limits.d?

ssh_selinux_getctxbyname: Failed to get default SELinux security context for bos
ssh_selinux_setup_exec_context: SELinux failure. Continuing in permissive mode.

Also it is true that these messages should not be there; perhaps there is something wrong with your SELinux policy? What do 'semanage -l login' and 'semanage -l user' print?

I've disabled SELinux entirely, which solves the problem in the usual way. However, I never modified any of my security settings, so whatever was in /etc/security was provided by Fedora, not me. This was a completely clean Fedora 9 install from scratch onto a new drive. You should be able to find the same settings as I have in the original stock RPMs.

Have you upgraded the system recently? Do you have a fresh selinux-policy-targeted installed? There is a soft limit of a maximum of 1024 processes per user; is it possible that you could have so many processes running?

I have this: selinux-policy-targeted-3.3.1-51.fc9.noarch

Regarding processes, the machine is mostly idle. I currently have 59 processes running, and that's unusually high because I'm logged in at the console.

Can you still reproduce the problem with the latest selinux-policy from updates-testing? Unfortunately I was not able to reproduce the problem here.

I cannot reproduce the problem -> no fix.
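
The process-limit question raised in the thread can be checked directly on a host. The following is an added example, not part of the bug report or of OpenSSH: on Linux, RLIMIT_NPROC counts threads owned by a real UID rather than processes, so this script sums the Threads: field of every /proc/<pid>/status per real UID and compares it with the soft limit. The function names are hypothetical.

```python
import os
import resource


def tasks_by_real_uid(proc_root="/proc"):
    """Return {real_uid: thread_count}, summed over every process in proc_root."""
    totals = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-PID entries such as "self" or "meminfo"
        fields = {}
        try:
            path = os.path.join(proc_root, entry, "status")
            with open(path, errors="replace") as fh:
                for line in fh:
                    key, _, value = line.partition(":")
                    fields[key] = value.split()
        except OSError:
            continue  # process exited while we were scanning
        if not fields.get("Uid") or not fields.get("Threads"):
            continue
        real_uid = int(fields["Uid"][0])  # order: real, effective, saved, fs
        totals[real_uid] = totals.get(real_uid, 0) + int(fields["Threads"][0])
    return totals


def nproc_headroom(uid, soft_limit=None, proc_root="/proc"):
    """Tasks uid may still create before hitting the limit (None if unlimited).

    soft_limit defaults to the calling process's own RLIMIT_NPROC soft value,
    which is an assumption: the limit applied to an sshd session may differ.
    """
    if soft_limit is None:
        soft_limit = resource.getrlimit(resource.RLIMIT_NPROC)[0]
    if soft_limit == resource.RLIM_INFINITY:
        return None
    return soft_limit - tasks_by_real_uid(proc_root).get(uid, 0)


if __name__ == "__main__":
    uid = os.getuid()
    used = tasks_by_real_uid().get(uid, 0)
    print(f"uid {uid}: {used} tasks in use, headroom {nproc_headroom(uid)}")
```

A zero or negative headroom means the next fork, or a UID switch into that account on kernels that enforce the limit there, can fail with EAGAIN.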