Bug 426553 - ssh login as root problems (ppc only)
ssh login as root problems (ppc only)
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
powerpc Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-21 19:03 EST by Kevin Fenzi
Modified: 2007-12-26 18:42 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-26 18:42:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kevin Fenzi 2007-12-21 19:03:32 EST
Not sure if this is some local setup problem or what, but a ppc32 box updated to
rawhide as of 2007-12-21 is showing lots of problems trying to ssh in as root. 

Last login: Fri Dec 21 14:26:25 2007 from 10.1.1.1
-bash: /root/.bash_profile: Permission denied
-bash-3.2#

The login then can't do much of anything. 

Some audit.log messages... can get more on request. 

I did a 'touch /.autorelabel' and reboot, but no change. 
I am only seeing this on the ppc machine...


type=CRED_ACQ msg=audit(1198272321.580:45): user pid=2247 uid=0 auid=4294967295
subj=syste
m_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct=root
exe="/usr/sbin/sshd" (hos
tname=10.1.1.1, addr=10.1.1.1, terminal=ssh res=success)'
type=LOGIN msg=audit(1198272321.592:46): login pid=2247 uid=0 old
auid=4294967295 new auid
=0
type=USER_START msg=audit(1198272321.594:47): user pid=2247 uid=0 auid=0
subj=system_u:sys
tem_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct=root
exe="/usr/sbin/sshd" (hostn
ame=10.1.1.1, addr=10.1.1.1, terminal=ssh res=success)'
type=USER_LOGIN msg=audit(1198272321.616:48): user pid=2252 uid=0 auid=0
subj=system_u:sys
tem_r:sshd_t:s0-s0:c0.c1023 msg='uid=0: exe="/usr/sbin/sshd" (hostname=10.1.1.1,
addr=10.1
.1.1, terminal=/dev/pts/0 res=success)'
type=CRED_REFR msg=audit(1198272321.624:49): user pid=2252 uid=0 auid=0
subj=system_u:syst
em_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct=root exe="/usr/sbin/sshd"
(hostname=10
.1.1.1, addr=10.1.1.1, terminal=ssh res=success)'
type=AVC msg=audit(1198272321.836:50): avc:  denied  { read } for  pid=2252
comm="bash" na
me=".bash_profile" dev=dm-0 ino=327365
scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tconte
xt=system_u:object_r:admin_home_t:s0 tclass=file
type=SYSCALL msg=audit(1198272321.836:50): arch=14 syscall=5 success=yes exit=3
a0=100df04
0 a1=10000 a2=0 a3=43000000 items=0 ppid=2247 pid=2252 auid=0 uid=0 gid=0 euid=0
suid=0 fs
uid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="bash" exe="/bin/bash"
subj=root:staff_r:staff_t
:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1198272349.390:51): avc:  denied  { getattr } for  pid=2252
comm="bash"
 path="/var/log/audit" dev=dm-0 ino=949407
scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tc
ontext=system_u:object_r:auditd_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1198272349.390:51): arch=14 syscall=195 success=yes
exit=0 a0=100f3
0e8 a1=bfe2cef0 a2=bfe2cef0 a3=0 items=0 ppid=2247 pid=2252 auid=0 uid=0 gid=0
euid=0 suid
=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="bash" exe="/bin/bash"
subj=root:staff_r:st
aff_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1198272350.296:52): avc:  denied  { read } for  pid=2252
comm="bash" name="audit" dev=dm-0 ino=949407
scontext=root:staff_r:staff_t:s0-s0:c0.c1023
tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir
type=SYSCALL msg=audit(1198272350.296:52): arch=14 syscall=5 success=yes exit=3
a0=100f8ab0 a1=94800 a2=1b a3=fefefeff items=0 ppid=2247 pid=2252 auid=0 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 comm="bash"
exe="/bin/bash" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)

Happy to provide more data, logins, or any other helpfull info.
Comment 1 Daniel Walsh 2007-12-26 11:35:04 EST
You are logging in as a staff_t user.
What does the output of 
# semanage login -l

show?

The following command will setup a login as 
# semanage login -s unconfined_u root

Log out and log back in.
Comment 2 Kevin Fenzi 2007-12-26 12:27:12 EST
[root@mavra ~]# semanage login -l

Login Name                SELinux User              MLS/MCS Range            

__default__               unconfined_u              s0-s0:c0.c1023           
root                      root                      s0-s0:c0.c1023           
system_u                  system_u                  s0-s0:c0.c1023   

Looks like the updates to selinux-policy 3.2.5-4.fc9.noarch seems to have fixed
the issue. I can login as root just fine again... odd that I wasn't seeing the
same issue on x86. 

In any case, I think you can go ahead and close this now...

Note You need to log in before you can comment on or make changes to this bug.