search for: security_getenforce

...16426.3, received 16958.6 debug1: Exit status -1 Inside the container I can see an error in the auth.log: Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session opened for user root by (uid=0) Oct 24 11:14:11 art01 sshd[1703]: fatal: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session closed for user root Now I assume I have a problem because inside the container selinux is disabled... If so, is there a way to tell the sshd inside the container to ignore the selinux check.... Hans

...de <selinux/get_context_list.h> +#include <selinux/get_default_type.h> +extern Authctxt *the_authctxt; + +static const security_context_t selinux_get_user_context(const char *name) { + security_context_t user_context=NULL; + if (get_default_context(name,NULL,&user_context)) { + if (security_getenforce() > 0) + fatal("Failed to get default security context for %s.", name); + else + error("Failed to get default security context for %s. Continuing in permissve mode", name); + } else { + if (the_authctxt) { + char *role=the_authctxt->role; + if (role != NULL &am...

...rectory fails if compiled with SELinux support (whether or not using SELinux)*", and it can be read here: http://www.gossamer-threads.com/lists/openssh/dev/42475 Alexandre described an SELinux failure with the following error message: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed As far as I know, that bug still exists and has not been fixed. I am now getting that exact same error message from SELinux, however, I am not using the ChrootDirectory feature. Instead, I am using the chroot patch from this location: http://chrootssh.sourceforge.net/ Th...

...nfigure --prefix=/opt --with-libedit --with-md5-passwords --with-pam --with-selinux --with-tcp-wrappers The new server software works fine for regular ssh/sftp users. However, when logging on as a member of the chroot group we obtain this error: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed I have found reports of this exact error via Google in several places dating back to 2006, but these all seem to devolve into either: this has been fixed in version x.y.z on distribution Q, where x.y.z is less than 5.3 and Q is not CentOS. Or, the selinux filesystem has to be mounted ins...

...me/' debug3: safely_chroot: checking '/home/user' Changed root directory to "/home/user" debug1: permanently_set_uid: 1002/1005 debug1: SELinux support enabled debug3: ssh_selinux_setup_exec_context: setting execution context ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed debug1: do_cleanup debug3: PAM: sshpam_thread_cleanup entering debug1: do_cleanup debug1: PAM: cleanup debug1: PAM: deleting credentials debug1: PAM: closing session debug3: PAM: sshpam_thread_cleanup entering I do not use SELinux nor know how it works but my guess would be that the ssh_s...