Description of problem: Oct 16 09:38:56 localhost sshd[3086]: Accepted publickey for root from 192.168.0.8 port 47724 ssh2 Oct 16 09:38:56 localhost sshd[3086]: pam_unix(sshd:session): session opened for user root by (uid=0) Oct 16 09:38:56 localhost sshd[3086]: pam_selinux(sshd:session): Security context root:staff_r:insmod_t:s0-s0:c0.c1023 is not allowed for root:staff_r:insmod_t:s0-s0:c0.c1023 Oct 16 09:38:56 localhost sshd[3086]: pam_selinux(sshd:session): Unable to get valid context for root Oct 16 09:38:56 localhost sshd[3086]: error: PAM: pam_open_session(): Authentication failure Oct 16 09:38:56 localhost sshd[3086]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument Oct 16 09:41:51 localhost sshd[3138]: Accepted publickey for orion from 192.168.0.72 port 49110 ssh2 Oct 16 09:41:51 localhost sshd[3138]: pam_unix(sshd:session): session opened for user orionby (uid=0) Oct 16 09:41:51 localhost sshd[3138]: pam_selinux(sshd:session): conversation failed Oct 16 09:41:51 localhost sshd[3138]: pam_selinux(sshd:session): No response to query: Would you like to enter a security context? [N] Oct 16 09:41:51 localhost sshd[3138]: pam_selinux(sshd:session): Unable to get valid context for orion Oct 16 09:41:51 localhost sshd[3138]: error: PAM: pam_open_session(): Authentication failure Oct 16 09:41:52 localhost sshd[3138]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument Version-Release number of selected component (if applicable): selinux-policy-3.5.12-2.fc10 No AVC messages.
What context was ssh running as? When you login at the console what does id -Z show?
sshd is running as "root:staff_r:insmod_t:s0-s0:c0.c1023". id -Z on VT2 reports the same.
I installed selinux-policy-3.5.12-3.fc10.noarch and did a relabel (touch /.autorelabel) and now things are working. Lots of things did not seem labeled properly. I'll do another install tomorrow to make sure anaconda is getting things labeled correctly. sshd is now running as system_u:system_r:sshd_t:s0-s0:c0.c1023 id -Z reports root:unconfined_r:unconfined_t:s0-s0:c0.c1023
Is this still a problem or should this bug be closed? Thank you.
Seems to be okay on a fresh install.