Bug 408611 - SSHD avc for /var/log/btmp
SSHD avc for /var/log/btmp
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
x86_64 Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-12-03 08:34 EST by Paweł Hołuj
Modified: 2008-01-03 11:01 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-12-03 13:09:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Paweł Hołuj 2007-12-03 08:34:13 EST
selinux-policy version: selinux-policy-3.0.8-58.fc8

Description of problem:
SSHD get access denied for file /var/log/btmp
Security context for /var/log/btmp:
SSHD using system_u:system_r:sshd_t:s0-s0:c0.c1023

Steps to Reproduce:
1. Run sshd
2. From other machine connect to sshd.
3. Enter wrong user and password.
Actual results:
Access denied for sshd.

Expected results:
Access for writing.
Comment 1 Daniel Walsh 2007-12-03 13:09:31 EST
Some how the file context on btmp got lost

restorecon /var/log/btmp should fix.

If you have any idea what removed and recreated this file, tell me.  This is not
a bug in selinux but in the package that removed and recreated the file.

Comment 2 Pekka Savola 2008-01-03 10:53:49 EST
The same thing happened to me.

My guess is that logrotate did this.

[root@gap psavola]# restorecon -n -v /var/log/btmp-20080101 
[root@gap psavola]# restorecon -n -v /var/log/btmp
restorecon reset /var/log/btmp context

But I'm not sure if that's conclusive.

There seems to be another bug with logrotate-related selinux policies.  At F8,
by default the rotated files are no longer "name.[0-9]*" format but
"name-[date]" format, and the policy doesn't seem to reflect this (grep -r btmp
under /etc/selinux yield e.g., 'modules/active/file_contexts:/var/log/btmp.*').

Comment 3 Pekka Savola 2008-01-03 11:01:12 EST
Oops, two similar looking SSHD AVCs, the symptoms are already described in
#427274.  Maybe that was also the cause for losing the context here..

Note You need to log in before you can comment on or make changes to this bug.