Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
ssh.te - more needed?: msg#00219
|
Subject: |
ssh.te - more needed? |
After augmenting ssh.te with
can_exec(sshd_t, sshd_exec_t)
as suggested by Stephen S., inbound
ssh to strict/enforcing system still fails.
Here are avc's (running permissive):
Aug 30 09:49:44 fedora kernel: audit(1093884584.213:0): avc: denied { ioctl }
for pid=4998 exe=/bin/su path=/dev/pts/4 dev=devpts ino=6
scontext=user_u:user_r:user_su_t tcontext=system_u:object_r:sshd_devpts_t
tclass=chr_file
Aug 30 09:49:46 fedora kernel: audit(1093884586.516:0): avc: denied { getattr
} for pid=4998 exe=/bin/su name=4 dev=devpts ino=6
scontext=user_u:user_r:user_su_t tcontext=system_u:object_r:sshd_devpts_t
tclass=chr_file
Aug 30 09:49:46 fedora kernel: audit(1093884586.542:0): avc: denied { read
write } for pid=5013 exe=/bin/hostname name=4 dev=devpts ino=6
scontext=root:sysadm_r:hostname_t tcontext=root:object_r:sshd_devpts_t
tclass=chr_file
audit2allow says:
allow hostname_t sshd_devpts_t:chr_file { read write };
allow user_su_t sshd_devpts_t:chr_file { getattr ioctl };
tom
--
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm
|
| |
