Description of problem: type=SYSCALL msg=audit(1335943641.153:147): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=7f47acfd11a0 a2=6e a3=1 items=0 ppid=13487 pid=13491 auid=507 uid=507 gid=507 euid=507 suid=507 fsuid=507 egid=507 sgid=507 fsgid=507 tty=(none) ses=2471 comm="sshd" exe="/usr/sbin/sshd" subj=guest_u:guest_r:guest_t:s0 key=(null) type=AVC msg=audit(1335943641.153:147): avc: denied { write } for pid=13491 comm="sshd" name="log" dev=devtmpfs ino=79941 scontext=guest_u:guest_r:guest_t:s0 tcontext=unconfined_u:object_r:devlog_t:s0 tclass=sock_file Version-Release number of selected component (if applicable): selinux-policy-3.7.19-147.el6 How reproducible: 100% Steps to Reproduce: 1. useradd -Z guest_u testuser 2. passwd testuser 3. ssh-copy-id testuser@localhost Actual results: Permission denied (ssh-copy-id)/No error msg with ssh. AVC in description. Expected results: No denial. Additional info: I think something may be missing from the log?
Just try to switch to permissive mode for all AVC msgs. We don't allow guest_t to send log messages.
I think it is the only one, though I can recheck
Fixed in selinux-policy-3.7.19-149.el6
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0780.html