Description of problem: Logging in to Fedora rawhide with ssh produces AVC denial in audit.log. Version-Release number of selected component (if applicable): pam-1.3.0-3.fc27.x86_64 openssh-server-7.5p1-2.fc27.x86_64 selinux-policy-3.13.1-252.fc27.noarch How reproducible: Deterministic. Steps to Reproduce: 1. ssh to Fedora rawhide machine, with ssh key. 2. Check audit.log for new AVC denials. Actual results: type=AVC msg=audit(1494320161.241:190): avc: denied { dac_read_search } for pid=1573 comm="unix_chkpwd" capability=2 scontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tclass=capability permissive=0 Expected results: No AVC denial. Additional info:
Note of similar bug 1449108 against chrony -> kernel .
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle. Changing version to '27'.
I no longer see this issue with selinux-policy-3.13.1-283.34.fc27.noarch. Should this bugzilla be closed CURRENTRELEASE, with some fixed in version set?