Bug 757534 - SELinux is preventing /usr/sbin/sshd from 'write' accesses on the file sshd.pid.
Summary: SELinux is preventing /usr/sbin/sshd from 'write' accesses on the file sshd.pid.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 16
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:ec7e2747a7c987352409c38e70c...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-27 16:39 UTC by NM
Modified: 2011-11-29 03:47 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-28 10:17:04 UTC
Type: ---

Attachments (Terms of Use)
File: description (2.24 KB, text/plain)
2011-11-27 16:39 UTC, NM 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description NM 2011-11-27 16:39:08 UTC 
libreport version: 2.0.7
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.2-1.fc16.x86_64
reason:         SELinux is preventing /usr/sbin/sshd from 'write' accesses on the file sshd.pid.
time:           Sun 27 Nov 2011 11:35:19 AM EST

description:    Text file, 2292 bytes
Comment 1 NM 2011-11-27 16:39:11 UTC 
Created attachment 537180 [details]
File: description
Comment 2 Miroslav Grepl 2011-11-28 10:17:04 UTC 
Have you ever started sshd daemon directly without using systemctl?

You need to execute

# restorecon -R -v /var/run/sshd.pid
Comment 3 NM 2011-11-28 14:20:43 UTC 
Dear Miroslav. 

I ran 'sshd -DEddd' from command prompt to debug connection problems. I fixed it finally after dealing with SELinux issue(s). However, I think, but not sure, I fixed it with the commands recommended in ABRT attachment above. 

# grep sshd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

I should not have done that am I? I am not familiar with SELinux. Can you please comment as to what exactly did I do? And if that requres 'fixing back'?

Also, I recall to run 'fixfiles onboot'. sshd works now but leaves a message in the 'secure' log file: 

ssh_selinux_change_context: setcon failed with Invalid argument

I am not sure what does it mean - but still annoying. 

Thanks again, and please advise if i should revert the changes recomended by abrt in attachment.

NM
Comment 4 Daniel Walsh 2011-11-29 03:09:19 UTC 
semodule -r mypol

Will remove your custom policy change.
Comment 5 NM 2011-11-29 03:47:24 UTC 
Thanks a lot.
Note You need to log in before you can comment on or make changes to this bug.