Description of problem: Upgrading glibc on an enforcing-mode SELinux machine renders it incapable of accepting remote ssh logins until ssh is restarted by hand. Version-Release number of selected component (if applicable): openssh-3.6.1p2-34 glibc-2.3.3-24 policy-1.11.2-21 How reproducible: 100% Steps to Reproduce: 1. Run SELinux enforcing mode. 2. Log in via ssh -- it works 3. Upgrade glibc (ssh is restarted in %post) 4. Try to log in via ssh - the log in is refused This is because sshd is running in rpm_t context, due to being restarted in an rpm scriptlet.
I thing I updated my system today without explicitly restarting ssh (i.e., the glibc spec file did). Login still works. Can somebody confirm this is still a problem? If yes, will we need to use the new su-replacement?
Not sure; I'm not using SELinux at the moment I'm afraid.
This should not be a problem. The 'su' replacement (Which it is not) is only used for init startup scripts and cron jobs. Basically any place where you don't need the suid and pam stuff. Dan
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/Fedora/RPMS/
So you're saying the whole bug should not be an issue and can be closed? Was there something back in May which could have caused problems? And: What is the reason for posting the URL?
Yes rpm updates were doing a service restart which caused ssh to come up in the wrong state. Oops, I pasted the html in the wrong page. Got to stop reading two bugzillas at once.