Bug 757534

Summary: SELinux is preventing /usr/sbin/sshd from 'write' accesses on the file sshd.pid.
Product: [Fedora] Fedora
Reporter: NM <andrew.kavalov>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: dominick.grift, dwalsh, mgrepl
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:ec7e2747a7c987352409c38e70c80eb730637020f5b45f23a5a2fe9dfcd12c8f
Doc Type: Bug Fix
Last Closed: 2011-11-28 10:17:04 UTC Type: ---

Description NM 2011-11-27 16:39:08 UTC
libreport version: 2.0.7
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.2-1.fc16.x86_64
reason:         SELinux is preventing /usr/sbin/sshd from 'write' accesses on the file sshd.pid.
time:           Sun 27 Nov 2011 11:35:19 AM EST

description:    Text file, 2292 bytes

Comment 1 NM 2011-11-27 16:39:11 UTC
Created attachment 537180
File: description

Comment 2 Miroslav Grepl 2011-11-28 10:17:04 UTC
Have you ever started the sshd daemon directly without using systemctl?

You need to execute

# restorecon -R -v /var/run/sshd.pid

Comment 3 NM 2011-11-28 14:20:43 UTC
Dear Miroslav.

I ran 'sshd -DEddd' from the command prompt to debug connection problems. I fixed it finally after dealing with SELinux issue(s). However, I think, but am not sure, I fixed it with the commands recommended in the ABRT attachment above.

# grep sshd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

I should not have done that, should I? I am not familiar with SELinux. Can you please comment as to what exactly I did? And whether that requires 'fixing back'?

Also, I recall running 'fixfiles onboot'. sshd works now but leaves a message in the 'secure' log file:

ssh_selinux_change_context: setcon failed with Invalid argument

I am not sure what it means, but it is still annoying.

Thanks again, and please advise if I should revert the changes recommended by abrt in the attachment.

NM

Comment 4 Daniel Walsh 2011-11-29 03:09:19 UTC
semodule -r mypol

Will remove your custom policy change.

Comment 5 NM 2011-11-29 03:47:24 UTC
Thanks a lot.
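
Added example (not part of the bug report or of the selinux-policy project): a small Python sketch of what piping every sshd denial into `audit2allow -M` turns into, so the resulting allow rules can be reviewed before a module is installed. The audit records are constructed samples, and the list of "generic" target types is a heuristic assumption used to point at a labeling problem, where `restorecon` is the fix rather than new policy.

```python
import re
from collections import defaultdict

# Constructed sample audit records (NOT taken from the bug's attachment).
SAMPLE_LOG = """\
type=AVC msg=audit(1322411719.101:61): avc:  denied  { write } for  pid=1201 comm="sshd" name="sshd.pid" dev=tmpfs ino=17001 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1322411719.102:62): avc:  denied  { open } for  pid=1201 comm="sshd" name="sshd.pid" dev=tmpfs ino=17001 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1322411719.102:62): arch=c000003e syscall=2 success=no exit=-13 comm="sshd" exe="/usr/sbin/sshd"
type=AVC msg=audit(1322411800.500:70): avc:  denied  { name_bind } for  pid=1300 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)

# Heuristic (assumption): a denial against one of these catch-all types usually
# means the object is mislabeled, so relabeling is the fix, not a new allow rule.
GENERIC_TYPES = {"var_run_t", "default_t", "file_t", "unlabeled_t"}

def se_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def collect_rules(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (e.g. SYSCALL) are skipped
            perms, scon, tcon, tclass = m.groups()
            rules[(se_type(scon), se_type(tcon), tclass)].update(perms.split())
    return rules

def render(rules):
    """Render allow rules in policy syntax, flagging likely labeling problems."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        note = "  # generic target type: check the label first" if tgt in GENERIC_TYPES else ""
        out.append(f"allow {src} {tgt}:{cls} {perm_txt};{note}")
    return out

if __name__ == "__main__":
    print("\n".join(render(collect_rules(SAMPLE_LOG))))
```

On the constructed input, the rule for `sshd.pid` is flagged because it would let sshd_t write any file labeled var_run_t, while the unrelated port denial is swept into the same module simply because it matched `grep sshd`.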