Red Hat Bugzilla – Bug 358761
SELinux is preventing /usr/sbin/sshd (sshd_t) "read" to <Unknown> (var_lib_t).
Last modified: 2008-03-05 17:17:13 EST
Description of problem:
I've installed freenx on a machine which is using ssh for connections. Whenever
I try and make a connection to this machine via a NoMachine client, this error
comes up on the setroubleshoot browser. All the relevant keys are in place
between the two machines.
I get the same error when trying to ssh onto the same machine using ssh keys
rather than logging in with a password.
I can ssh onto the machine using password authentication, but as soon as a key
is used for authentication, SELinux denies access.
Version-Release number of selected component (if applicable): 3.0.8-36.fc8
How reproducible: Every time
Steps to Reproduce:
1. ssh to the machine using key access
Actual results: SELinux denial
Expected results: Connection to establish using ssh keys
I changed the booleans for SSH under SELinux Administration
* Allow ssh logins as sysadm_r:sysadm_t
* Allow ssh to run ssh-keysign
and now get an extra error:
SELinux is preventing /usr/sbin/sshd (sshd_t) "getattr" to
This is when making an NXClient connection to the machine or ssh'ing to the
machine as the nx user (I think - I've only managed to replicate this part twice
When I say I changed the booleans in SELinux Administration - they didn't have a
tick in the box and I selected them so they both have ticks in the box.
The easiest solution is just to modify the policy
grep ssh /var/log/audit/audit.log | audit2allow -M myssh
semodule -i myssh.pp
A bettter long term solution would be to get a policy for freenix.
in updated fixed as of selinux-policy-3.0.8-77
feel free to use my packages, until they will be publicly available
Bugs have been in modified for over one month. Closing as fixed in current
release please reopen if the problem still persists.