Displaying 5 results from an estimated 5 matches for "sshd_t".
2005 Dec 15
1
RE: ssh in rc.local stalls xenU [SOLVED]
...en or my xenU
>> domain that breaks ssh before login, while it works fine for a
>> physical host?
>
> Logs and debug output would be helpful here.
>
Ah, I should have thought of this earlier. My custom SELinux policy
disables networking for unconfined_t, so it puts ssh into sshd_t (which
allows networking). But it only puts ssh into sshd_t when started by root;
there was no transition specified in my policy that ssh should go into
sshd_t when started by initrc_t. A couple of lines in my
domains/program/ssh.te fixed it:
role initrc_t types sshd_t;
domain_auto_trans(initrc_...
2016 Apr 26
1
username.pem
...lt;username>,pem, then
deletes it when the log out. selinux (in permissive mode) complains.
First, I changed the context to cert_t, and *now* it complains that
ksh93 wants write, etc access on the directory. grep ssh-x509-auth
/var/log/audit/audit.log | audit2allow offers me this:
#============= sshd_t ==============
allow sshd_t cert_t:dir write;
allow sshd_t var_lib_t:file { write getattr create open ioctl };
So: first, is this an expected behavior; second, is that the correct
fcontext, and, finally, is it safe for me to create this as a local
policy?
Thanks in advance.
mark
2012 Jun 15
1
Puppet + Passenger SELinux issues
...puppet_var_run_t;
type puppet_var_lib_t;
type auditd_t;
type httpd_t;
type rpm_var_lib_t;
type postfix_cleanup_t;
type postfix_master_t;
type inetd_t;
type udev_t;
type mysqld_safe_t;
type postfix_pickup_t;
type sshd_t;
type crond_t;
type getty_t;
type postfix_qmgr_t;
type ntpd_t;
class sock_file { write unlink open };
class capability { sys_resource sys_ptrace };
class process setexec;
class dir { write getattr read create search add_name };...
2014 Jun 12
4
[Bug 2245] New: Multiple USER_LOGIN messages when linux audit support is enabled on bad login
https://bugzilla.mindrot.org/show_bug.cgi?id=2245
Bug ID: 2245
Summary: Multiple USER_LOGIN messages when linux audit support
is enabled on bad login
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2018 Mar 07
0
An selinux issue
...in restorecon (94.8 confidence) suggests
************************
If you want to fix the label.
/etc/ssh/moduli default label should be etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/ssh/moduli
<...>
Additional Information:
Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context system_u:object_r:unlabeled_t:s0
Target Objects /etc/ssh/moduli [ file ]
Source sshd
Source Path /usr/sbin/sshd
---------
Except:
ls -laFZ /etc/ssh/moduli
-rw-r--r--. root root system:object_r:etc_...