Re: ssh.te - more needed?: msg#00225
Subject: Re: ssh.te - more needed?
On Mon, 2004-08-30 at 13:24, t l wrote:
> After augmenting ssh.te with
> can_exec(sshd_t, sshd_exec_t)
> as suggested by Stephen S., inbound
> ssh to strict/enforcing system still fails.
>
> Here are avc's (running permissive):
>
> Aug 30 09:49:44 fedora kernel: audit(1093884584.213:0): avc: denied { ioctl
> } for pid=4998 exe=/bin/su path=/dev/pts/4 dev=devpts ino=6
> scontext=user_u:user_r:user_su_t tcontext=system_u:object_r:sshd_devpts_t
> tclass=chr_file
> Aug 30 09:49:46 fedora kernel: audit(1093884586.516:0): avc: denied {
> getattr } for pid=4998 exe=/bin/su name=4 dev=devpts ino=6
> scontext=user_u:user_r:user_su_t tcontext=system_u:object_r:sshd_devpts_t
> tclass=chr_file
> Aug 30 09:49:46 fedora kernel: audit(1093884586.542:0): avc: denied { read
> write } for pid=5013 exe=/bin/hostname name=4 dev=devpts ino=6
> scontext=root:sysadm_r:hostname_t tcontext=root:object_r:sshd_devpts_t
> tclass=chr_file
>
> audit2allow says:
> allow hostname_t sshd_devpts_t:chr_file { read write };
> allow user_su_t sshd_devpts_t:chr_file { getattr ioctl };
That isn't a policy issue; it is a bug in the SELinux patch for openssh
3.9p1, already bugzilla'd.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
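
An added example, not part of the original message and not audit2allow's own code: a small Python parser that groups the three denials quoted above into the same two allow rules, and also lists any target type denied to more than one source domain, a common cue to check how the object was labelled before adding rules. The function names are hypothetical, and the log lines are the quoted ones with the mail line wrapping undone.

```python
import re
from collections import defaultdict

# The three AVC denials quoted in the message, rejoined onto single lines.
SAMPLE_LOG = """\
Aug 30 09:49:44 fedora kernel: audit(1093884584.213:0): avc: denied { ioctl } for pid=4998 exe=/bin/su path=/dev/pts/4 dev=devpts ino=6 scontext=user_u:user_r:user_su_t tcontext=system_u:object_r:sshd_devpts_t tclass=chr_file
Aug 30 09:49:46 fedora kernel: audit(1093884586.516:0): avc: denied { getattr } for pid=4998 exe=/bin/su name=4 dev=devpts ino=6 scontext=user_u:user_r:user_su_t tcontext=system_u:object_r:sshd_devpts_t tclass=chr_file
Aug 30 09:49:46 fedora kernel: audit(1093884586.542:0): avc: denied { read write } for pid=5013 exe=/bin/hostname name=4 dev=devpts ino=6 scontext=root:sysadm_r:hostname_t tcontext=root:object_r:sshd_devpts_t tclass=chr_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def parse_denials(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
            rules[key].update(m["perms"].split())
    return dict(rules)


def to_allow_rules(rules):
    """Render the grouped denials in the allow-rule form shown in the message."""
    return [
        "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        for (src, tgt, cls), perms in sorted(rules.items())
    ]


def shared_targets(rules):
    """List target types that were denied to more than one source domain."""
    by_target = defaultdict(set)
    for (src, tgt, _cls) in rules:
        by_target[tgt].add(src)
    return {t: sorted(s) for t, s in by_target.items() if len(s) > 1}


if __name__ == "__main__":
    grouped = parse_denials(SAMPLE_LOG)
    print("\n".join(to_allow_rules(grouped)))
    print(shared_targets(grouped))
```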