Red Hat Bugzilla – Bug 122523
restarts ssh but with incorrect security context
Last modified: 2007-11-30 17:10:42 EST
Description of problem:
Upgrading glibc on an enforcing-mode SELinux machine renders it
incapable of accepting remote ssh logins until ssh is restarted by hand.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run SELinux enforcing mode.
2. Log in via ssh -- it works
3. Upgrade glibc (ssh is restarted in %post)
4. Try to log in via ssh - the log in is refused
This is because sshd is running in rpm_t context, due to being
restarted in an rpm scriptlet.
I thing I updated my system today without explicitly restarting ssh
(i.e., the glibc spec file did). Login still works. Can somebody
confirm this is still a problem? If yes, will we need to use the new
Not sure; I'm not using SELinux at the moment I'm afraid.
This should not be a problem. The 'su' replacement (Which it is not)
is only used for init startup scripts and cron jobs. Basically any
place where you don't need the suid and pam stuff.
So you're saying the whole bug should not be an issue and can be
closed? Was there something back in May which could have caused problems?
And: What is the reason for posting the URL?
Yes rpm updates were doing a service restart which caused ssh to come
up in the wrong state.
Oops, I pasted the html in the wrong page. Got to stop reading two
bugzillas at once.