Bug 224437 - AVC denials prevent remote SSH logins
AVC denials prevent remote SSH logins
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2007-01-25 13:10 EST by Daniel Berrange
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-01 14:52:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Daniel Berrange 2007-01-25 13:10:27 EST
Description of problem:
 ssh root@[removed hostname]
/bin/bash: Permission denied
Connection to [removed hostname] closed.

Looking in the /var/log/audit/audit.log file after this failure I see:

type=AVC msg=audit(1169748817.951:110): avc:  denied  { entrypoint } for 
pid=2671 comm="sshd" name="bash" dev=dm-0 ino=17305623
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
type=AVC_PATH msg=audit(1169748817.951:110):  path="/bin/bash"

I am logging in using SSH agent, but logging in with passwords fails too.

Version-Release number of selected component (if applicable):

The rest of the machine is updated to rawhide as of 11 EST  Jan 25

How reproducible:
All remote ssh logins

Steps to Reproduce:
1. Boot host with SELinux enabled & sshd running
2. Attempt to login in remotely with SSH
Actual results:
The connection is dropped

Expected results:
Login completes

Additional info:
I have checked the SSH daemon is running in the sshd_t domain:

system_u:system_r:sshd_t:SystemLow-SystemHigh root 2028 0.0  0.0 44296 1096 ? 
Ss   13:12   0:00 /usr/sbin/sshd

And have rebooted & done a full filesystem re-label several times over.
Comment 1 Daniel Walsh 2007-01-25 14:21:54 EST
Fixed in selinux-policy-2.5.2-1.fc7
Comment 2 Daniel Berrange 2007-08-01 14:52:15 EDT
Was fixed a while ago...

Note You need to log in before you can comment on or make changes to this bug.