Hide Forgot
Description of problem: time->Tue Mar 20 17:48:49 2012 type=SYSCALL msg=audit(1332262129.764:30790): arch=c000003e syscall=1 success=no exit=-13 a0=3 a1=7fe1bb050820 a2=36 a3=6e65727275632f72 items=0 ppid=7452 pid=7460 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=295 comm="sshd" exe="/usr/sbin/sshd" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1332262129.764:30790): avc: denied { dyntransition } for pid=7460 comm="sshd" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process Version-Release number of selected component (if applicable): selinux-policy-3.7.19-139.el6 How reproducible: 100% Steps to Reproduce: 1. install openssh-server 2. change sftp subsystem to internal-sftp in sshd_config 3. restart sshd 4. try to connecting via sftp as root Actual results: AVC denial Expected results: No AVC denial Additional info: Adding as regression KW as there was no such AVC in the previous versions
We allow it for other SELinux users and we have it for unconfined in Fedora too.
Fixed in selinux-policy-3.7.19-142.el6
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0780.html