Bug 805217
| Summary: | AVC when connecting to internal-sftp using unconfined user in targeted | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Miroslav Vadkerti <mvadkert> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.3 | CC: | dwalsh, mmalik, plautrba |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.7.19-142.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 12:32:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
We allow it for other SELinux users and we have it for unconfined in Fedora too. Fixed in selinux-policy-3.7.19-142.el6 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0780.html |
Description of problem: time->Tue Mar 20 17:48:49 2012 type=SYSCALL msg=audit(1332262129.764:30790): arch=c000003e syscall=1 success=no exit=-13 a0=3 a1=7fe1bb050820 a2=36 a3=6e65727275632f72 items=0 ppid=7452 pid=7460 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=295 comm="sshd" exe="/usr/sbin/sshd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1332262129.764:30790): avc: denied { dyntransition } for pid=7460 comm="sshd" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process Version-Release number of selected component (if applicable): selinux-policy-3.7.19-139.el6 How reproducible: 100% Steps to Reproduce: 1. install openssh-server 2. change sftp subsystem to internal-sftp in sshd_config 3. restart sshd 4. try to connecting via sftp as root Actual results: AVC denial Expected results: No AVC denial Additional info: Adding as regression KW as there was no such AVC in the previous versions