Summary SELinux is preventing /usr/sbin/sshd (sshd_t) "setkeycreate" to <Unknown> (sshd_t). Detailed Description SELinux denied access requested by /usr/sbin/sshd. It is not expected that this access is required by /usr/sbin/sshd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023 Target Context system_u:system_r:sshd_t:s0-s0:c0.c1023 Target Objects None [ process ] Affected RPM Packages openssh-server-4.7p1-4.fc8 [application] Policy RPM selinux-policy-3.0.8-58.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name mentos Platform Linux mentos 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 i686 Alert Count 1 First Seen Fri 30 Nov 2007 03:13:14 PM CST Last Seen Fri 30 Nov 2007 03:13:14 PM CST Local ID ebca90aa-bcf5-4fe6-9b4d-9063f52a028d Line Numbers Raw Audit Messages avc: denied { setkeycreate } for comm=sshd egid=0 euid=0 exe=/usr/sbin/sshd exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=6297 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 suid=0 tclass=process tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tty=(none) uid=0
Sshd now calls setkeycreatecon so pam_keyinit can work correctly. This must be allowed in policy.
Fixed in selinux-policy-3.0.8-63.fc8
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.