From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b5) Gecko/2008043010 Fedora/3.0-0.60.beta5.fc9 Firefox/3.0b5 Description of problem: Summary: SELinux is preventing sshd (sshd_t) "read" to authorized_keys (var_lib_t). Detailed Description: SELinux denied access requested by sshd. It is not expected that this access is required by sshd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for authorized_keys, restorecon -v 'authorized_keys' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023 Target Context system_u:object_r:var_lib_t:s0 Target Objects authorized_keys [ lnk_file ] Source sshd Source Path /usr/sbin/sshd Port <Unknown> Host vivek.temasek.net Source RPM Packages openssh-server-5.0p1-1.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-55.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name vivek.temasek.net Platform Linux vivek.temasek.net 2.6.25.3-18.fc9.i686 #1 SMP Tue May 13 05:38:53 EDT 2008 i686 i686 Alert Count 1 First Seen Fri 06 Jun 2008 07:41:28 AM SGT Last Seen Fri 06 Jun 2008 07:48:10 AM SGT Local ID 518ea9f6-9075-410c-92c2-9de6883fc62e Line Numbers Raw Audit Messages host=vivek.temasek.net type=AVC msg=audit(1212709690.377:110): avc: denied { read } for pid=11181 comm="sshd" name="authorized_keys" dev=sda7 ino=517237 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file host=vivek.temasek.net type=SYSCALL msg=audit(1212709690.377:110): arch=40000003 syscall=195 success=no exit=-13 a0=b82f18f0 a1=bfaa86f0 a2=6d7ff4 a3=b82f18f0 items=0 ppid=2122 pid=11181 auid=4294967295 uid=0 gid=0 euid=495 suid=0 fsuid=495 egid=490 sgid=0 fsgid=490 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.install freenx and nx followed by nxclient from nomachine.com 2. start nxclient and try to connect to localhost 3. selinux denial Actual Results: selinux denied access. tried to run the recommended restorecon command which worked, but still failed to let nxclient through. Expected Results: logged in into the machine via nomachine's nxclient. Additional info:
Do you have a symbolic link in /var/lib named authorized_keys? What package owns it? What is it's full path?