Displaying 7 results from an estimated 7 matches for "ssh_selinux_getctxbyname".
2008 May 25
1
OpenSSH + chroot + SELinux = broke
...osted to this list with the
subject: "*ChrootDirectory fails if compiled with SELinux support
(whether or not using SELinux)*", and it can be read here:
http://www.gossamer-threads.com/lists/openssh/dev/42475
Alexandre described an SELinux failure with the following error message:
ssh_selinux_getctxbyname: ssh_selinux_getctxbyname:
security_getenforce() failed
As far as I know, that bug still exists and has not been fixed.
I am now getting that exact same error message from SELinux,
however, I am not using the ChrootDirectory feature. Instead, I am
using the chroot patch from this loca...
2011 Oct 24
1
problem using sshd inside a LXC container
...d 1784 bytes, in 0.1 seconds
Bytes per second: sent 16426.3, received 16958.6
debug1: Exit status -1
Inside the container I can see an error in the auth.log:
Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session
opened for user root by (uid=0)
Oct 24 11:14:11 art01 sshd[1703]: fatal: ssh_selinux_getctxbyname:
ssh_selinux_getctxbyname: security_getenforce() failed
Oct 24 11:14:11 art01 sshd[1703]: pam_unix(sshd:session): session
closed for user root
Now I assume I have a problem because inside the container SELinux is
disabled...
If so, is there a way to tell the sshd inside the container to ignore
th...
2010 Feb 03
5
OpenSSH-5.3p1 selinux problem on CentOS-5.4.
...tOS testing repo. These were
the options used:
./configure --prefix=/opt --with-libedit --with-md5-passwords
--with-pam --with-selinux --with-tcp-wrappers
The new server software works fine for regular ssh/sftp users.
However, when logging on as a member of the chroot group we obtain
this error:
ssh_selinux_getctxbyname: ssh_selinux_getctxbyname:
security_getenforce() failed
I have found reports of this exact error via Google in several
places dating back to 2006, but these all seem to devolve into
either: this has been fixed in version x.y.z on distribution Q,
where x.y.z is less than 5.3 and Q is not CentOS. O...
2007 Jun 27
4
[Bug 1325] New: SELinux support broken when SELinux is in permissive mode
...pears in syslog:
Jun 27 09:56:07 teleri sshd[12293]: pam_selinux: Open Session
Jun 27 09:56:07 teleri sshd[12293]: Unable to get valid context for
bts, No valid tty
Jun 27 09:56:07 teleri sshd[12293]: error: PAM: pam_open_session():
Authentication failure
Jun 27 09:56:07 teleri sshd[12293]: error: ssh_selinux_getctxbyname:
Failed to get default SELinux security context for bts
Jun 27 09:56:07 teleri sshd[12293]: fatal: ssh_selinux_getctxbyname:
Failed to get default SELinux security context for bts (in enforcing
mode)
This is due to missing break statements in the relevant switch, so the
code wrongly falls through...
2008 Mar 21
1
ChrootDirectory fails if compiled with SELinux support (whether or not using SELinux)
...'/'
debug3: safely_chroot: checking '/home/'
debug3: safely_chroot: checking '/home/user'
Changed root directory to "/home/user"
debug1: permanently_set_uid: 1002/1005
debug1: SELinux support enabled
debug3: ssh_selinux_setup_exec_context: setting execution context
ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: deleting credentials
debug1: PAM: closing session
debug3: PAM: sshpam_thread_cleanup entering
I do not use SELinux nor know ho...
2011 Dec 13
5
[Bug 1960] New: Running sshd in wrong SELinux context causes segmentation fault when a user logs in
...ing in permissive mode), if
the SSH daemon runs in the wrong context (for instance kernel_t) a
logon of a user through SSH causes the session to terminate abruptly
due to a segmentation fault.
This is caused by not initializing the local variable "sc" in the
openbsd-compat/port-linux.c::ssh_selinux_getctxbyname() function. The
call to get_default_context() will result in the return code -1, but
"sc" is left untouched (and thus not a valid security_context_t
instance). Later in the function, "sc" is returned to the calling
function (which is ssh_selinux_setup_exec_context) which tries t...
2011 Jan 24
10
[Bug 1850] New: Build fails when SELinux is enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=1850
Summary: Build fails when SELinux is enabled
Product: Portable OpenSSH
Version: 5.7p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: