Red Hat Bugzilla – Bug 642935
SELinux is preventing /sbin/setfiles access to a leaked tcp_socket file descriptor.
Last modified: 2012-11-05 10:15:46 EST
This bug exists in RHEL5.6 - openssh-4.3p2-57.el5 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Test :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ PASS ] :: Running 'echo 'session required pam_namespace.so debug' >> /etc/pam.d/sshd' :: [ PASS ] :: Running 'echo '$HOME $HOME/$USER.inst/ user' >> /etc/security/namespace.conf' :: [ PASS ] :: Running 'sed -i 's/exit 0/lsof -p $$ \&>$2\/testout; exit 0/g' /etc/security/namespace.init' :: [ PASS ] :: Running './ssh.exp' :: [ FAIL ] :: File '/root/root.inst/root/testout' should not contain 'TCP' :: [ LOG ] :: Duration: 7s :: [ LOG ] :: Assertions: 4 good, 1 bad :: [ FAIL ] :: RESULT: Test
This bug still exists in openssh-4.3p2-72.el5
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
This bug is resolved in RHE6. Therefore, I recommend upgrading to RHEL6 all customers who are affected by this issue.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0237.html