Red Hat Bugzilla – Bug 477922
SElinux-targeted policy reverts to broken SSH rules
Last modified: 2009-03-23 09:38:35 EDT
Description of problem:
crontab not allowed to start ssh
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add crontab entries to start/stop ssh to reduce the hacker window of opportunity
2. Watch as SELinux policy denies ssh startup
ssh not started/stopped
normal ssh startup, as in F9
This is a rule reversion, as this same bug was already fixed in F8/F9 timeframe.
setroubleshoot output attached.
Created attachment 327837
You can add these rules for now using
# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Fixed in selinux-policy-3.5.13-37.fc10
This is actually a change in the kernel or in libc that is causing the problem. This policy is not in F8 or F9, but that is not your problem. :^) So it is a regression and I will get the fix out for you.
Where do I get this new selinux-policy-3.5.13-37.fc10 package? It is not rolled out to updates-testing.
You can download it from koji. I will push out this update or a newer one once we get back to work tomorrow.
Seems to be working properly now