Description of problem: SELinux is preventing /usr/sbin/sshd from using the 'execstack' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que sshd devrait être autorisé à accéder execstack sur les processus étiquetés sshd_t par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep sshd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023 Target Context system_u:system_r:sshd_t:s0-s0:c0.c1023 Target Objects [ process ] Source sshd Source Path /usr/sbin/sshd Port <Unknown> Host (removed) Source RPM Packages openssh-server-6.4p1-3.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-10.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.13.0-0.rc3.git5.1.fc21.x86_64 #1 SMP Sat Dec 14 15:06:01 UTC 2013 x86_64 x86_64 Alert Count 12 First Seen 2013-12-30 00:33:15 CET Last Seen 2013-12-30 11:06:26 CET Local ID 34877996-cdb9-4ce2-8590-1fc09723a33a Raw Audit Messages type=AVC msg=audit(1388397986.4:81936): avc: denied { execstack } for pid=29602 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1388397986.4:81936): arch=x86_64 syscall=mprotect success=no exit=EACCES a0=7fffad83d000 a1=1000 a2=1000007 a3=0 items=0 ppid=919 pid=29602 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) Hash: sshd,sshd_t,sshd_t,process,execstack Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.13.0-0.rc3.git5.1.fc21.x86_64 type: libreport
Also needs execmem
*** This bug has been marked as a duplicate of bug 1045699 ***