Bug 742274 - pam_ssh needs permission to create dir /var/run/pam_ssh
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pam_ssh
Version: 15
Assignee: Dmitry Butskoy
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-09-29 14:59 UTC by Jochen Schmitt
Modified: 2011-10-25 03:24 UTC

Fixed In Version: pam_ssh-1.97-9.fc16
Doc Type: Bug Fix
Last Closed: 2011-10-24 23:06:46 UTC

Description Jochen Schmitt 2011-09-29 14:59:03 UTC
I found out that pam_ssh needs to create the directory /var/run/pam_ssh at runtime to work properly.

The current policies deny the creation of this directory for the login process.

Comment 1 Daniel Walsh 2011-09-29 18:09:15 UTC
What avc are you seeing?

Comment 2 Jochen Schmitt 2011-10-02 18:42:43 UTC
type=AVC msg=audit(1317579840.309:64): avc:  denied  { write } for  pid=1263 comm="login" name="/" dev=tmpfs ino=5110 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1317579840.309:64): arch=c000003e syscall=83 success=no exit=-13 a0=7f62f823273f a1=1ed a2=fffffffffffffed0 a3=0 items=0 ppid=1 pid=1263 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty2 ses=2 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)
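
The two records in Comment 2 share one audit event ID, so the AVC denial can be read together with the syscall that triggered it. The following is an added example, not part of the original report: the function name `explain_denials` and the small syscall table are this example's own, and the SYSCALL record is trimmed to the fields it uses.

```python
import errno
import re
from collections import defaultdict

# Records from Comment 2; the SYSCALL line is trimmed to the fields used here.
RECORDS = [
    'type=AVC msg=audit(1317579840.309:64): avc:  denied  { write } for  pid=1263 comm="login" name="/" dev=tmpfs ino=5110 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1317579840.309:64): arch=c000003e syscall=83 success=no exit=-13 a0=7f62f823273f a1=1ed a2=fffffffffffffed0 a3=0 pid=1263 comm="login" exe="/bin/login"',
]

# (arch, syscall number) -> (name, register holding the mode); x86_64 subset only.
MKDIR_CALLS = {("c000003e", "83"): ("mkdir", "a1"), ("c000003e", "258"): ("mkdirat", "a2")}

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")

def explain_denials(lines):
    """Group records by audit event ID and summarise each AVC denial."""
    events = defaultdict(dict)
    for line in lines:
        event = EVENT_ID.search(line)
        if not event:
            continue  # not an audit record
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        fields["perms"] = " ".join(PERMS.findall(line)).split()
        events[event.group(1)][fields["type"]] = fields

    summaries = []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if avc is None:
            continue  # syscall record without a denial
        name, mode_arg = MKDIR_CALLS.get((sc.get("arch"), sc.get("syscall")), (None, None))
        summaries.append({
            "event": event_id,
            "source_type": avc["scontext"].split(":")[2],  # SELinux type of the process
            "target_type": avc["tcontext"].split(":")[2],  # SELinux type of the object
            "tclass": avc["tclass"],
            "perms": avc["perms"],
            "syscall": name,
            "errno": errno.errorcode.get(-int(sc.get("exit", "0"))),
            "mode": oct(int(sc[mode_arg], 16)) if mode_arg else None,
        })
    return summaries

if __name__ == "__main__":
    print(explain_denials(RECORDS))
```

For these records it reports that a process in `local_login_t` was refused `write` on a `var_run_t` directory while calling `mkdir` with mode 0755, failing with `EACCES`, which matches the reported failure to create /var/run/pam_ssh.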

Comment 3 Daniel Walsh 2011-10-03 15:15:53 UTC
restorecon -R -c /var/run/pam_ssh  

Will fix.

/var/run/pam_ssh should be in the pam_ssh payload.  Secondly you need to add a /etc/tmpfiles.d/pam_ssh.conf

cat /etc/tmpfiles.d/pam_ssh.conf
D /var/run/pam_ssh 0750 root root -


This will tell systemd to create the directory with the correct label at boot time. Then the login programs will be allowed to use the directory.

Comment 4 Fedora Update System 2011-10-03 16:20:56 UTC
pam_ssh-1.97-8.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/pam_ssh-1.97-8.fc16

Comment 5 Fedora Update System 2011-10-03 16:21:41 UTC
pam_ssh-1.97-8.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pam_ssh-1.97-8.fc15

Comment 6 Fedora Update System 2011-10-03 17:44:48 UTC
Package pam_ssh-1.97-8.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pam_ssh-1.97-8.fc16'
as soon as you are able to, then reboot.
Please go to the following url:
https://admin.fedoraproject.org/updates/pam_ssh-1.97-8.fc16
then log in and leave karma (feedback).

Comment 7 Jochen Schmitt 2011-10-05 18:45:43 UTC
You should unghost the /var/run/pam_ssh entry in the %files stanza to make sure that this directory is created directly after the package is installed.

Comment 8 Fedora Update System 2011-10-06 15:13:48 UTC
pam_ssh-1.97-9.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/pam_ssh-1.97-9.fc16

Comment 9 Fedora Update System 2011-10-06 15:15:00 UTC
pam_ssh-1.97-9.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pam_ssh-1.97-9.fc15

Comment 10 Fedora Update System 2011-10-24 23:06:46 UTC
pam_ssh-1.97-9.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2011-10-25 03:24:53 UTC
pam_ssh-1.97-9.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
