Bug 465283

Summary: SELinux denials on remote root login
Product: [Fedora] Fedora Reporter: Orion Poplawski <orion>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 10CC: dwalsh, mgrepl, tmraz
Target Milestone: ---Keywords: Reopened, SELinux
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-11-30 00:39:38 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
output from SEtroubleshoot none

Description Orion Poplawski 2008-10-02 11:38:12 EDT
Description of problem:

Logging in as root via ssh.

/var/log/messages:Oct  2 09:11:23 test kernel: type=1400 audit(1222960283.046:4): avc:  denied  { search } for  pid=2594 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_crond_t:s0-s0:c0.c1023 tclass=key
/var/log/secure:Oct  2 09:11:23 test sshd[2594]: Accepted publickey for root from port 34507 ssh2
/var/log/secure:Oct  2 09:11:23 test sshd[2594]: pam_unix(sshd:session): session opened for user root by (uid=0)

Version-Release number of selected component (if applicable):
Comment 1 Daniel Walsh 2008-10-02 11:53:22 EDT
This is a kernel bug, but I will get rid of the avc for now.

Fixed in selinux-policy-3.5.9-5.fc10.noarch
Comment 2 Matěj Cepl 2008-11-18 09:22:37 EST
Created attachment 323900 [details]
output from SEtroubleshoot

Happens again with

[matej@hubmaier ~]$ rpm -q openssh selinux-policy-targeted kernel
[matej@hubmaier ~]$ uname -r
[matej@hubmaier ~]$
Comment 3 Daniel Walsh 2008-11-18 13:43:19 EST
Well I run this under audit2allow on selinux-policy-targeted-3.5.13-21.fc10.noarch

and it says it should be allowed.
Comment 4 Bug Zapper 2008-11-25 22:28:21 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
Comment 5 Orion Poplawski 2008-11-30 00:39:38 EST
I don't see this anymore.