Displaying 5 results from an estimated 5 matches for "security_getenforce".
2011 Oct 24
1
problem using sshd inside a LXC container
...16426.3, received 16958.6
debug1: Exit status -1
Inside the container I can see an error in the auth.log:
Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session
opened for user root by (uid=0)
Oct 24 11:14:11 art01 sshd[1703]: fatal: ssh_selinux_getctxbyname:
ssh_selinux_getctxbyname: security_getenforce() failed
Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session
closed for user root
Now I assume I have a problem because inside the container selinux is
disabled...
If so, is there a way to tell the sshd inside the container to ignore
the selinux check....
Hans
2004 Sep 07
0
Please review openssh patch for selinux
...de <selinux/get_context_list.h>
+#include <selinux/get_default_type.h>
+extern Authctxt *the_authctxt;
+
+static const security_context_t selinux_get_user_context(const char *name) {
+ security_context_t user_context=NULL;
+ if (get_default_context(name,NULL,&user_context)) {
+ if (security_getenforce() > 0)
+ fatal("Failed to get default security context for %s.", name);
+ else
+ error("Failed to get default security context for %s. Continuing in permissve mode", name);
+ } else {
+ if (the_authctxt) {
+ char *role=the_authctxt->role;
+ if (role != NULL &am...
2008 May 25
1
OpenSSH + chroot + SELinux = broke
...rectory fails if compiled with SELinux support
(whether or not using SELinux)*", and it can be read here:
http://www.gossamer-threads.com/lists/openssh/dev/42475
Alexandre described an SELinux failure with the following error message:
ssh_selinux_getctxbyname: ssh_selinux_getctxbyname:
security_getenforce() failed
As far as I know, that bug still exists and has not been fixed.
I am now getting that exact same error message from SELinux,
however, I am not using the ChrootDirectory feature. Instead, I am
using the chroot patch from this location:
http://chrootssh.sourceforge.net/
Th...
2010 Feb 03
5
OpenSSH-5.3p1 selinux problem on CentOS-5.4.
...nfigure --prefix=/opt --with-libedit --with-md5-passwords
--with-pam --with-selinux --with-tcp-wrappers
The new server software works fine for regular ssh/sftp users.
However, when logging on as a member of the chroot group we obtain
this error:
ssh_selinux_getctxbyname: ssh_selinux_getctxbyname:
security_getenforce() failed
I have found reports of this exact error via Google in several
places dating back to 2006, but these all seem to devolve into
either: this has been fixed in version x.y.z on distribution Q,
where x.y.z is less than 5.3 and Q is not CentOS. Or, the selinux
filesystem has to be mounted ins...
2008 Mar 21
1
ChrootDirectory fails if compiled with SELinux support (whether or not using SELinux)
...me/'
debug3: safely_chroot: checking '/home/user'
Changed root directory to "/home/user"
debug1: permanently_set_uid: 1002/1005
debug1: SELinux support enabled
debug3: ssh_selinux_setup_exec_context: setting execution context
ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: deleting credentials
debug1: PAM: closing session
debug3: PAM: sshpam_thread_cleanup entering
I do not use SELinux nor know how it works but my guess would be that
the ssh_s...