Description of problem:
On a RHEL6.3 system with MLS policy, a user created with category s8:c101 cannot log in to the system through ssh. The messages below are seen:

type=AVC msg=audit(1341466838.962:19126): avc: denied { rlimitinh } for pid=3530 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1341466838.962:19126): avc: denied { siginh } for pid=3530 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1341466838.962:19126): avc: denied { noatsecure } for pid=3530 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=SYSCALL msg=audit(1341466838.962:19126): arch=c000003e syscall=59 success=yes exit=0 a0=7fd582ec7c98 a1=7ffffa04c9f0 a2=7fd5830ce368 a3=7 items=0 ppid=3528 pid=3530 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/sbin/unix_chkpwd" subj=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 key=(null)
type=USER_AUTH msg=audit(1341466838.965:19127): user pid=3528 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='op=PAM:authentication acct="dwalsh" exe="/usr/sbin/sshd" hostname=192.168.122.1 addr=192.168.122.1 terminal=ssh res=success'
type=AVC msg=audit(1341466838.967:19128): avc: denied { rlimitinh } for pid=3531 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1341466838.967:19128): avc: denied { siginh } for pid=3531 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1341466838.967:19128): avc: denied { noatsecure } for pid=3531 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process

/var/log/secure

Jul 5 10:57:33 webserver sshd[3419]: Accepted password for dwalsh from 192.168.122.1 port 35119 ssh2
Jul 5 10:57:33 webserver sshd[3419]: pam_unix(sshd:session): session opened for user dwalsh by (uid=0)
Jul 5 10:57:33 webserver sshd[3423]: fatal: Write failed: Permission denied
Jul 5 10:57:33 webserver sshd[3423]: fatal: mm_request_send: write: Permission denied
Jul 5 10:57:33 webserver sshd[3419]: pam_unix(sshd:session): session closed for user dwalsh

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.7.19-154.el6.noarch
selinux-policy-3.7.19-154.el6.noarch
selinux-policy-mls-3.7.19-154.el6.noarch

How reproducible:

Steps to Reproduce:
1. Create a user
   useradd -Z sysadm_u john
2. Assign category s8:c101
   semanage login -a -s sysadm_u -r s8:c101 john
3. Log in through ssh

Actual results:
Unable to log on through ssh

Expected results:
Should be able to log on through ssh

Additional info:
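Added example, not part of the original report or of any Red Hat tooling: a small Python triage script that groups the audit records quoted above by audit serial number, so each set of denials can be read beside the syscall record that shares its event id. The function and variable names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Audit records copied from the report above (events 19126 and 19128).
SAMPLE = """\
type=AVC msg=audit(1341466838.962:19126): avc: denied { rlimitinh } for pid=3530 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1341466838.962:19126): avc: denied { siginh } for pid=3530 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1341466838.962:19126): avc: denied { noatsecure } for pid=3530 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=SYSCALL msg=audit(1341466838.962:19126): arch=c000003e syscall=59 success=yes exit=0 a0=7fd582ec7c98 a1=7ffffa04c9f0 a2=7fd5830ce368 a3=7 items=0 ppid=3528 pid=3530 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/sbin/unix_chkpwd" subj=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 key=(null)
type=AVC msg=audit(1341466838.967:19128): avc: denied { rlimitinh } for pid=3531 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1341466838.967:19128): avc: denied { siginh } for pid=3531 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
type=AVC msg=audit(1341466838.967:19128): avc: denied { noatsecure } for pid=3531 comm="unix_chkpwd" scontext=system_u:system_r:sshd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s15:c0.c1023 tclass=process
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type:range context."""
    return context.split(":")[2]

def group_events(text):
    """Group records by audit serial so denials sit beside their syscall."""
    events = defaultdict(lambda: {"perms": [], "source": None, "target": None,
                                  "tclass": None, "syscall": None, "success": None})
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue  # skip anything that is not an audit record
        rtype, serial = head.group(1), int(head.group(2))
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        event = events[serial]
        denied = DENIED.search(line)
        if rtype == "AVC" and denied:
            event["perms"] += denied.group(1).split()
            event["source"] = selinux_type(fields["scontext"])
            event["target"] = selinux_type(fields["tcontext"])
            event["tclass"] = fields["tclass"]
        elif rtype == "SYSCALL":
            # On x86_64 (arch=c000003e) syscall 59 is execve.
            event["syscall"] = int(fields["syscall"])
            event["success"] = fields["success"]
    return dict(events)

if __name__ == "__main__":
    for serial, ev in sorted(group_events(SAMPLE).items()):
        print(serial, ev["source"], "->", ev["target"], ev["tclass"],
              ev["perms"], "syscall", ev["syscall"], "success", ev["success"])
```

Event 19128 has no SYSCALL record in the quoted log, so its syscall fields stay empty.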
Fixed in selinux-policy-3.7.19-156.el6
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0314.html