Description of problem: It append during an update fron testing depot SELinux is preventing /usr/sbin/sshd from 'name_bind' accesses on the tcp_socket . ***** Plugin catchall (100. confidence) suggests *************************** If vous pensez que sshd devrait être autorisé à accéder name_bind sur tcp_socket par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep sshd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023 Target Context system_u:object_r:vnc_port_t:s0 Target Objects [ tcp_socket ] Source sshd Source Path /usr/sbin/sshd Port 5962 Host (removed) Source RPM Packages openssh-server-6.2p2-4.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-65.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.9.9-302.fc19.x86_64 #1 SMP Sat Jul 6 13:41:07 UTC 2013 x86_64 x86_64 Alert Count 27 First Seen 2013-07-08 19:47:07 CEST Last Seen 2013-07-24 20:16:07 CEST Local ID 78a389c0-e025-48af-afff-19aefa8577b1 Raw Audit Messages type=AVC msg=audit(1374689767.847:442): avc: denied { name_bind } for pid=15693 comm="sshd" src=5962 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:vnc_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1374689767.847:442): arch=x86_64 syscall=bind success=yes exit=0 a0=3 a1=7fc6ee419760 a2=10 a3=7fff6bff2c80 items=0 ppid=1 pid=15693 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null) Hash: sshd,sshd_t,vnc_port_t,tcp_socket,name_bind Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.9-302.fc19.x86_64 type: libreport
96cf04be1a5b6ba8a89a7ee019ad285d0b7cadba allows this in git.
selinux-policy-3.12.1-69.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-69.fc19
Package selinux-policy-3.12.1-69.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-69.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-14089/selinux-policy-3.12.1-69.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-69.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.