Not sure if this is some local setup problem or what, but a ppc32 box updated to rawhide as of 2007-12-21 is showing lots of problems trying to ssh in as root. Last login: Fri Dec 21 14:26:25 2007 from 10.1.1.1 -bash: /root/.bash_profile: Permission denied -bash-3.2# The login then can't do much of anything. Some audit.log messages... can get more on request. I did a 'touch /.autorelabel' and reboot, but no change. I am only seeing this on the ppc machine... type=CRED_ACQ msg=audit(1198272321.580:45): user pid=2247 uid=0 auid=4294967295 subj=syste m_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct=root exe="/usr/sbin/sshd" (hos tname=10.1.1.1, addr=10.1.1.1, terminal=ssh res=success)' type=LOGIN msg=audit(1198272321.592:46): login pid=2247 uid=0 old auid=4294967295 new auid =0 type=USER_START msg=audit(1198272321.594:47): user pid=2247 uid=0 auid=0 subj=system_u:sys tem_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct=root exe="/usr/sbin/sshd" (hostn ame=10.1.1.1, addr=10.1.1.1, terminal=ssh res=success)' type=USER_LOGIN msg=audit(1198272321.616:48): user pid=2252 uid=0 auid=0 subj=system_u:sys tem_r:sshd_t:s0-s0:c0.c1023 msg='uid=0: exe="/usr/sbin/sshd" (hostname=10.1.1.1, addr=10.1 .1.1, terminal=/dev/pts/0 res=success)' type=CRED_REFR msg=audit(1198272321.624:49): user pid=2252 uid=0 auid=0 subj=system_u:syst em_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct=root exe="/usr/sbin/sshd" (hostname=10 .1.1.1, addr=10.1.1.1, terminal=ssh res=success)' type=AVC msg=audit(1198272321.836:50): avc: denied { read } for pid=2252 comm="bash" na me=".bash_profile" dev=dm-0 ino=327365 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tconte xt=system_u:object_r:admin_home_t:s0 tclass=file type=SYSCALL msg=audit(1198272321.836:50): arch=14 syscall=5 success=yes exit=3 a0=100df04 0 a1=10000 a2=0 a3=43000000 items=0 ppid=2247 pid=2252 auid=0 uid=0 gid=0 euid=0 suid=0 fs uid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="bash" exe="/bin/bash" subj=root:staff_r:staff_t :s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1198272349.390:51): avc: denied { getattr } for pid=2252 comm="bash" path="/var/log/audit" dev=dm-0 ino=949407 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tc ontext=system_u:object_r:auditd_log_t:s0 tclass=dir type=SYSCALL msg=audit(1198272349.390:51): arch=14 syscall=195 success=yes exit=0 a0=100f3 0e8 a1=bfe2cef0 a2=bfe2cef0 a3=0 items=0 ppid=2247 pid=2252 auid=0 uid=0 gid=0 euid=0 suid =0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="bash" exe="/bin/bash" subj=root:staff_r:st aff_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1198272350.296:52): avc: denied { read } for pid=2252 comm="bash" name="audit" dev=dm-0 ino=949407 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir type=SYSCALL msg=audit(1198272350.296:52): arch=14 syscall=5 success=yes exit=3 a0=100f8ab0 a1=94800 a2=1b a3=fefefeff items=0 ppid=2247 pid=2252 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="bash" exe="/bin/bash" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null) Happy to provide more data, logins, or any other helpfull info.
You are logging in as a staff_t user. What does the output of # semanage login -l show? The following command will setup a login as # semanage login -s unconfined_u root Log out and log back in.
[root@mavra ~]# semanage login -l Login Name SELinux User MLS/MCS Range __default__ unconfined_u s0-s0:c0.c1023 root root s0-s0:c0.c1023 system_u system_u s0-s0:c0.c1023 Looks like the updates to selinux-policy 3.2.5-4.fc9.noarch seems to have fixed the issue. I can login as root just fine again... odd that I wasn't seeing the same issue on x86. In any case, I think you can go ahead and close this now...