fedora-selinux January 2012 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: security contexts

Re: security contexts

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Mon Jan 09 2012 - 20:14:48 GMT
To: m.roth@5-cent.us

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/09/2012 01:27 PM, m.roth@5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 01/09/2012 09:33 AM, m.roth@5-cent.us wrote:
>>> In CentOS 6.2, I'm getting sshd[6116]:
>>> pam_selinux(sshd:session): Security context
>>> unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 is not
>>> allowed for
>>>
>>> and
>>>
>>> sshd[6116]: pam_selinux(sshd:session): Unable to get valid
>>> context for root
>>>
>>> Googling shows me nothing useful - what's causing this? Is it
>>> a
> <snip>
>> ps -eZ | grep sshd.
>>
>
> Did that, and see: system_u:system_r:kernel_t:s0 11506 ?
> 00:00:00 sshd
>
>> You can run
>>
>> fixfiles restore
> <snip> Did this on /dev, /root, /usr, /lib (and the filesystem with
> users' home directories). I'm still getting sshd[12558]: error:
> ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
>
> Clues?
>
> mark
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Yes since init was not labeled correctly or anything else. the entire
machine booted as kernel_t, and no transitions happened, now that you
have relabeled everthing, if you reboot all the labels should be correct.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8LSrgACgkQrlYvE4MpobPtpQCfUlyqmvhmI8oB2yybGHRk6RIY
tSAAnjRIa03NLtBXZXhOcrCFH/CORdQl
=Ea23
-----END PGP SIGNATURE-----
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux