Description of problem: unable to ssh to this machine. SELinux is preventing /usr/sbin/sshd from using the 'transition' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that sshd should be allowed transition access on processes labeled unconfined_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sshd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:unconfined_service_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0 Target Objects /usr/bin/bash [ process ] Source sshd Source Path /usr/sbin/sshd Port <Unknown> Host (removed) Source RPM Packages openssh-server-6.6.1p1-4.fc21.x86_64 Target RPM Packages bash-4.3.22-1.fc21.x86_64 Policy RPM selinux-policy-3.13.1-77.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.16.1-301.mst.fc21.x86_64 #1 SMP Tue Aug 26 02:24:06 UTC 2014 x86_64 x86_64 Alert Count 4 First Seen 2014-09-02 08:55:43 CEST Last Seen 2014-09-02 08:58:40 CEST Local ID c4165bc6-218f-40cf-9616-bd2da21ba31f Raw Audit Messages type=AVC msg=audit(1409641120.497:2256): avc: denied { transition } for pid=4125 comm="sshd" path="/usr/bin/bash" dev="dm-1" ino=280854 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0 type=SYSCALL msg=audit(1409641120.497:2256): arch=x86_64 syscall=execve success=no exit=EACCES a0=7feb80262250 a1=7ffff2dd9470 a2=7feb802602e0 a3=8 items=0 ppid=4120 pid=4125 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts1 ses=29 comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:unconfined_service_t:s0 key=(null) Hash: sshd,unconfined_service_t,unconfined_t,process,transition Version-Release number of selected component: selinux-policy-3.13.1-77.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.1-301.mst.fc21.x86_64 type: libreport
Did you upgrade your system fro F20? You have labeling problem. You will need to run # touch /.autorelabel;reboot
it's working after relabeling system.
Description of problem: ssh <user>@<hostname> $ ssh root@localhost root@localhost's password: Last login: Wed Mar 4 09:57:38 2015 from ovpn-200-18.brq.redhat.com /bin/bash: Permission denied Connection to localhost closed. Version-Release number of selected component: selinux-policy-3.13.1-105.3.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.18.7-200.fc21.x86_64 type: libreport
Description of problem: Trying to ssh into the machine. My shell is set to zsh, but apparently that's not allowed, and ssh reports: /bin/zsh: Permission denied Version-Release number of selected component: selinux-policy-3.13.1-105.13.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.19.2-201.fc21.x86_64 type: libreport