Bug 367191 - "service sshd restart" - fails on fresh install of Fedora 8
Summary: "service sshd restart" - fails on fresh install of Fedora 8
Keywords:
Status: CLOSED DUPLICATE of bug 364971
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: x86_64
OS: Linux
high
urgent
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-05 18:05 UTC by Mike A. Harris
Modified: 2010-11-09 23:45 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-11-05 23:39:45 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
SElinux audit log (12.67 KB, text/plain)
2007-11-05 18:23 UTC, Mike A. Harris 		no flags Details
View All

Description Mike A. Harris 2007-11-05 18:05:10 UTC 
Description:

On a fresh OS install of Fedora 8 (leaked from a mirror), the sshd service
starts up at boot time, but can not be restarted afterward by the initscript:

[root@hammer ~]# service sshd status
sshd (pid 1900) is running...
[root@hammer ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied
                                                           [FAILED]
[root@hammer ~]# service sshd start
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied
                                                           [FAILED]
[root@hammer ~]# service sshd start
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied
                                                           [FAILED]



Version-Release number of selected component (if applicable):
[root@hammer ~]# rpm -qa |grep openssh
openssh-server-4.7p1-2.fc8
openssh-4.7p1-2.fc8
openssh-askpass-4.7p1-2.fc8
openssh-clients-4.7p1-2.fc8


How reproducible:
100%

Additional information:
If I just run "/usr/sbin/sshd" by itself, it does start up, but of course
not without the commandline arguments it normally starts with, etc.
Comment 1 Mike A. Harris 2007-11-05 18:14:56 UTC 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted
Comment 2 Mike A. Harris 2007-11-05 18:16:06 UTC 
selinux-policy-3.0.8-44.fc8
selinux-policy-targeted-3.0.8-44.fc8
setroubleshoot-plugins-1.10.3-1.fc8
setroubleshoot-1.10.7-1.fc8
setroubleshoot-server-1.10.7-1.fc8
Comment 3 Mike A. Harris 2007-11-05 18:23:00 UTC 
Created attachment 248511 [details]
SElinux audit log
Comment 4 Mike A. Harris 2007-11-05 18:35:39 UTC 
[root@hammer tmp]# restorecon /usr/sbin/sshd
[root@hammer tmp]# restorecon /etc/init.d/sshd
[root@hammer tmp]# service sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied
                                                           [FAILED]
Comment 5 Will Woods 2007-11-05 20:35:41 UTC 
Could be a duplicate of bug 364971 - can you try the fix mentioned there?
Comment 6 Jason Farrell 2007-11-05 23:15:09 UTC 
This affected me as well, but Dan Walsh's fix from
https://bugzilla.redhat.com/show_bug.cgi?id=364971#c5 did the trick:

[root@nano ~]# setenforce 0
[root@nano ~]# /etc/init.d/sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd:                                             [  OK  ]
[root@nano ~]# setenforce 1
[root@nano ~]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied
                                                           [FAILED]
[root@nano ~]# semanage user -m -r s0-s0:c0.c1023 unconfined_u
[root@nano ~]# /etc/init.d/sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd:                                             [  OK  ]
Comment 7 Tomas Mraz 2007-11-05 23:39:45 UTC 

*** This bug has been marked as a duplicate of 364971 ***
Note You need to log in before you can comment on or make changes to this bug.