Bug 781634
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | We are currently running the privsep parent process as sshd_t, I believe we should run this as the user's context. | | |
| Product | [Fedora] Fedora | Reporter | Daniel Walsh <dwalsh> |
| Component | openssh | Assignee | Petr Lautrbach <plautrba> |
| Status | CLOSED RAWHIDE | QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Severity | unspecified | Docs Contact | |
| Priority | unspecified | | |
| Version | rawhide | CC | eparis, gl041188, mattias.ellert, mgrepl, mmcgrath, plautrba, tmraz |
| Target Milestone | --- | | |
| Target Release | --- | | |
| Hardware | Unspecified | | |
| OS | Unspecified | | |
| Whiteboard | | | |
| Fixed In Version | openssh-5.9p1-17.fc17 | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | | |
| | 798241 (view as bug list) | Environment | |
| Last Closed | 2012-01-31 14:04:52 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | | | |
| Bug Blocks | 798241, 798534 | | |
| Attachments | | | |
I agree, this should only be called once.

I would like to get this out to Rawhide to make sure we don't break anything before we go into RHEL6. I want to see if this works with X Forwarding as well as port forwarding.

It's built in Rawhide now.

Since this version, the SELinux sshd_forward_ports boolean has no effect and ssh port forwarding is confined with the SELinux user's rights.

Excellent, we will remove the boolean.

Created attachment 557700 [details]
do not call do_setusercontext() twice

The latest patch looks good but I get a non-fatal AVC:

    type=SYSCALL msg=audit(1327588018.854:570): arch=c000003e syscall=1 success=no exit=-13 a0=4 a1=7f9e2e0be890 a2=1b a3=6e65727275632f72 items=0 ppid=8950 pid=8951 auid=1002 uid=1002 gid=1002 euid=1002 suid=1002 fsuid=1002 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=22 comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
    type=AVC msg=audit(1327588018.854:570): avc: denied { setcurrent } for pid=8951 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process

There are 2 do_setusercontext() calls if use_privsep is set: the first in privsep_postauth() in sshd.c and the second in do_child() in session.c. I think that we should avoid calling do_setusercontext() in do_child() if we have already separated privileges.
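The audit event quoted in the comment above is easier to read once its SYSCALL and AVC records are joined on the audit event id. The following triage script is an added example, not code from the bug, from openssh or from any of the commenters; the only input it uses is the two records quoted above, split onto separate lines. It reports the denied permission, the domain the process is already running in, and the failing syscall (syscall 1 on arch c000003e, x86_64, is write(), which is how setcon() updates /proc/self/attr/current; exit=-13 is -EACCES). The diagnosis string it builds for a process:setcurrent denial is this example's own wording.

```python
"""Triage the SELinux audit event quoted in the comment above.

Added example: not code from the bug, from openssh, or from any commenter.
It joins the SYSCALL and AVC records sharing one audit event id and
summarises the denial so the reader can see why it is harmless here: the
process is already running as staff_t, staff_t is not allowed
process:setcurrent, so a second setcon() simply fails with EACCES.
"""
import re
from typing import Dict, List, Optional

# The two records quoted in the comment above, one per line.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1327588018.854:570): arch=c000003e syscall=1 success=no exit=-13 a0=4 a1=7f9e2e0be890 a2=1b a3=6e65727275632f72 items=0 ppid=8950 pid=8951 auid=1002 uid=1002 gid=1002 euid=1002 suid=1002 fsuid=1002 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=22 comm="sshd" exe="/usr/sbin/sshd" subj=staff_u:staff_r:staff_t:s0 key=(null)
type=AVC msg=audit(1327588018.854:570): avc: denied { setcurrent } for pid=8951 comm="sshd" scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:staff_r:staff_t:s0 tclass=process
"""

_MSG_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
_AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]+?)\s*\}\s+for\s+(.*)")
# key=value pairs; values may be quoted ("sshd"), parenthesised ((none)) or bare.
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')


def parse_record(line: str) -> Optional[dict]:
    """Parse one audit line into a flat dict; returns None for non-audit lines."""
    line = line.strip()
    if not line.startswith("type="):
        return None
    m = _MSG_RE.search(line)
    if m is None:
        return None
    rec = {
        "type": line[len("type="):line.index(" ")],
        "timestamp": m.group(1),
        "event_id": m.group(2),
    }
    body = line[m.end():]
    avc = _AVC_RE.search(body)
    if avc is not None:
        rec["result"] = avc.group(1)
        rec["permissions"] = avc.group(2).split()
        body = avc.group(3)
    for key, value in _KV_RE.findall(body):
        rec[key] = value.strip('"')
    return rec


def group_events(text: str) -> Dict[str, List[dict]]:
    """Group records by audit event id so AVC and SYSCALL lines can be joined."""
    events: Dict[str, List[dict]] = {}
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is not None:
            events.setdefault(rec["event_id"], []).append(rec)
    return events


def triage_denial(records: List[dict]) -> Optional[dict]:
    """Summarise a denied AVC together with the syscall that triggered it."""
    avc = next((r for r in records if r["type"] == "AVC"), None)
    if avc is None or avc.get("result") != "denied":
        return None
    # For process:setcurrent the kernel checks the permission against the
    # caller's own current context, so scontext and tcontext are both the
    # domain the process is already running in.
    domain = avc["scontext"].split(":")[2]
    summary = {
        "pid": int(avc["pid"]),
        "comm": avc["comm"],
        "permissions": avc["permissions"],
        "tclass": avc["tclass"],
        "scontext": avc["scontext"],
        "tcontext": avc["tcontext"],
        "domain": domain,
    }
    syscall = next((r for r in records if r["type"] == "SYSCALL"), None)
    if syscall is not None:
        summary["syscall"] = int(syscall["syscall"])   # 1 == write() on x86_64
        summary["exit"] = int(syscall["exit"])         # -13 == -EACCES
        summary["exe"] = syscall["exe"]
        summary["failed"] = syscall["success"] == "no"
    if summary["tclass"] == "process" and "setcurrent" in summary["permissions"]:
        # Wording of this diagnosis is this example's own.
        summary["diagnosis"] = (
            f"{domain} attempted to change its own context and is not allowed "
            "process:setcurrent; if it has already transitioned into this "
            "domain, the second context change is redundant"
        )
    return summary


if __name__ == "__main__":
    for event_id, records in group_events(SAMPLE_AUDIT).items():
        result = triage_denial(records)
        if result is not None:
            print(event_id, result)
```

Run against a real system, the same functions can be fed the output of `ausearch -m AVC,SYSCALL --raw`; an AVC whose scontext is the user's domain rather than sshd_t is the signature of the second do_setusercontext() call the comment describes.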