Red Hat Bugzilla – Bug 447943
Detection of SELinux enforcing mode is broken in sshd
Last modified: 2008-10-17 04:16:52 EDT
This is a known-fixed upstream bug that is affecting Fedora 9. Fedora 8 and
earlier do not seem to be affected.
The symptom is that if SELinux is running in permissive mode, it's often not
possible to log in via ssh.
It should not affect Fedora 9 because the SELinux support was mostly replaced a
few Fedora releases ago. If you have some problems with SELinux and OpenSSH in
Fedora 9 it is a different problem. Please provide debug logs from the server.
Created attachment 306395
output of sshd -Dde
Here's an example server log.
As you can see from the log, the actual failure is in the setresuid call - it
seems that the uid 1000 exceeded the limit on the number of processes. Perhaps you
have something wrong in /etc/security/limits.conf or limits.d?
ssh_selinux_getctxbyname: Failed to get default SELinux security context for bos
ssh_selinux_setup_exec_context: SELinux failure. Continuing in permissive mode.
Also it is true that these messages should not be there. Perhaps there is
something wrong with your SELinux policy? What do 'semanage -l login' and
'semanage -l user' print?
I've disabled SELinux entirely, which solves the problem in the usual way.
However, I never modified any of my security settings, so whatever was in
/etc/security was provided by Fedora, not me. This was a completely clean
Fedora 9 install from scratch onto a new drive. You should be able to find the
same settings as I have in the original stock RPMs.
Have you upgraded the system recently? Do you have fresh selinux-policy-targeted
There is a soft limit of a maximum of 1024 processes per user. Is it possible that you
could have so many processes running?
I have this: selinux-policy-targeted-3.3.1-51.fc9.noarch
Regarding processes, the machine is mostly idle. I currently have 59 processes
running, and that's unusually high because I'm logged in at the console.
Can you still reproduce the problem with the latest selinux-policy from
Unfortunately I was not able to reproduce the problem here.
I cannot reproduce the problem -> no fix.