search for: ssh_selinux_getctxbynam

...osted to this list with the subject: "*ChrootDirectory fails if compiled with SELinux support (whether or not using SELinux)*", and it can be read here: http://www.gossamer-threads.com/lists/openssh/dev/42475 Alexandre described an SELinux failure with the following error message: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed As far as I know, that bug still exists and has not been fixed. I am now getting that exact same error message from SELinux, however, I am not using the ChrootDirectory feature. Instead, I am using the chroot patch from this loc...

...d 1784 bytes, in 0.1 seconds Bytes per second: sent 16426.3, received 16958.6 debug1: Exit status -1 Inside the container I can see an error in the auth.log: Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session opened for user root by (uid=0) Oct 24 11:14:11 art01 sshd[1703]: fatal: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session closed for user root Now I assume I have a problem because inside the container selinux is disabled... If so, is there a way to tell the sshd inside the container to ignore t...

...tOS testing repo. These were the option used: ./configure --prefix=/opt --with-libedit --with-md5-passwords --with-pam --with-selinux --with-tcp-wrappers The new server software works fine for regular ssh/sftp users. However, when logging on as a member of the chroot group we obtain this error: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed I have found reports of this exact error via Google in several places dating back to 2006, but these all seem to devolve into either: this has been fixed in version x.y.z on distribution Q, where x.y.z is less than 5.3 and Q is not CentOS....

...pears in syslog: Jun 27 09:56:07 teleri sshd[12293]: pam_selinux: Open Session Jun 27 09:56:07 teleri sshd[12293]: Unable to get valid context for bts, No valid tty Jun 27 09:56:07 teleri sshd[12293]: error: PAM: pam_open_session(): Authentication failure Jun 27 09:56:07 teleri sshd[12293]: error: ssh_selinux_getctxbyname: Failed to get default SELinux security context for bts Jun 27 09:56:07 teleri sshd[12293]: fatal: ssh_selinux_getctxbyname: Failed to get default SELinux security context for bts (in enforcing mode) This is due to missing break statements in the relevant switch, so the code wrongly falls through...

...'/' debug3: safely_chroot: checking '/home/' debug3: safely_chroot: checking '/home/user' Changed root directory to "/home/user" debug1: permanently_set_uid: 1002/1005 debug1: SELinux support enabled debug3: ssh_selinux_setup_exec_context: setting execution context ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed debug1: do_cleanup debug3: PAM: sshpam_thread_cleanup entering debug1: do_cleanup debug1: PAM: cleanup debug1: PAM: deleting credentials debug1: PAM: closing session debug3: PAM: sshpam_thread_cleanup entering I do not use SELinux nor know h...

...ing in permissive mode), if the SSH daemon runs in the wrong context (for instance kernel_t) a logon of a user through SSH causes the session to terminate abruptly due to a segmentation fault. This is caused by not initializing the local variable "sc" in the openbsd-compat/port-linux.c::ssh_selinux_getctxbyname() function. The call to get_default_context() will result in the return code -1, but "sc" is left untouched (and thus not a valid security_context_t instance). Later in the function, "sc" is returned to the calling function (which is ssh_selinux_setup_exec_context) which tries...

https://bugzilla.mindrot.org/show_bug.cgi?id=1850 Summary: Build fails when SELinux is enabled Product: Portable OpenSSH Version: 5.7p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: unassigned-bugs at mindrot.org ReportedBy: