Description of problem: SELinux is preventing /usr/sbin/sshd from using the 'dyntransition' accesses on a process. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that sshd should be allowed dyntransition access on processes labeled sshd_net_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sshd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:initrc_t:s0 Target Context system_u:system_r:sshd_net_t:s0 Target Objects [ process ] Source sshd Source Path /usr/sbin/sshd Port <Unknown> Host (removed) Source RPM Packages openssh-server-6.2p2-3.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-63.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-0.rc7.git0.2.fc20.x86_64 #1 SMP Tue Jun 25 11:53:19 UTC 2013 x86_64 x86_64 Alert Count 32 First Seen 2013-07-16 16:06:33 PDT Last Seen 2013-07-16 16:08:33 PDT Local ID d92a439b-676b-42bc-a93c-bc44abcac150 Raw Audit Messages type=AVC msg=audit(1374016113.44:830): avc: denied { dyntransition } for pid=24631 comm="sshd" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:sshd_net_t:s0 tclass=process type=SYSCALL msg=audit(1374016113.44:830): arch=x86_64 syscall=write success=no exit=EACCES a0=6 a1=7f09e899d750 a2=20 a3=7fff1496bb50 items=0 ppid=24630 pid=24631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:initrc_t:s0 key=(null) Hash: sshd,initrc_t,sshd_net_t,process,dyntransition Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.10.0-0.rc7.git0.2.fc20.x86_64 type: libreport
Please try to execute # restorecon -R -v /usr/sbin/sshd # systemctl restart sshd should fix your problem.