Bug 996193
Summary: | SELinux is preventing /usr/sbin/sshd from 'open' accesses on the file /mnt/smb/devapp151/.ssh/authorized_keys. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | greg.hellings |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | dominick.grift, dwalsh, mgrepl |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:6d9ad0839d08cf62b16cdea407d7702a1c361c50f60837a2e43c47d727b47ea9 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-08-19 14:52:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
greg.hellings
2013-08-12 15:39:03 UTC
Thank you for your support. If you read the alert, it told you exactly what had to be done. ***** Plugin catchall_boolean (89.3 confidence) suggests ******************* If you want to support SAMBA home directories Then you must tell SELinux about this by enabling the 'use_samba_home_dirs' boolean. You can read 'None' man page for more details. Do setsebool -P use_samba_home_dirs 1 Well, good try. But 1) Samba is not in use on this system 2) The home directory is on a local disk 3) I ran the second portion of the suggestion # grep sshd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp twice and the error still happens. Thus, this is a bug. And it continues to be one. type=AVC msg=audit(1376321650.790:478): avc: denied { open } for pid=2559 comm="sshd" path="/mnt/smb/devapp151/.ssh/authorized_keys" dev="cifs" ino=43149021 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cifs_t:s0 tclass=file type=SYSCALL msg=audit(1376321650.790:478): arch=x86_64 syscall=open success=yes exit=EINTR a0=7f2d9c5ddd30 a1=800 a2=1 a3=7f2d98d2f2e0 items=0 ppid=933 pid=2559 auid=4294967295 uid=0 gid=0 euid=1000 suid=0 fsuid=1000 egid=1000 sgid=0 fsgid=1000 ses=4294967295 tty=(none) comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) Hash: sshd,sshd_t,cifs_t,file,open THis avc indicates that you have a file /mnt/smb/devapp151/.ssh/authorized_keys that is labeled as cifs_t, which is the label of samba shares. Indicating either this is a samba share mounted from another machine or it is a directory that was moved off of a samba share. |