On 10/14/13 at 01:40pm, Zhi Zou wrote:
Resolves bz971279
description of problem:
Previously with selinux in enforcing mode, could prevent ssh-keygen
from generating keys. Support for selinux policy for allowing applications to
access ssh-keygen for generating ssh keys was added with
selinux-policy-3.7.19-126.el6_2.6 and RHEL 6.3 ships
selinux-policy-targeted-3.7.19-142.el6 which already has the
support for ssh_keygen_t.
Does fedora ship selinux with ssh_keygen_t support? If yes, you might
want to remove the rhel6 part from your changelog.
Thanks
WANG Chao
Solutions:
Because of the context was added for ssh key generation,
so the keys were generated without fliping from enforcing mode to
permissive mode for ssh key generation. This patch removes selinux code which
switches between enforcing and permissive modes.
Signed-off-by: arthur <zzou(a)redhat.com>
---
kdumpctl | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/kdumpctl b/kdumpctl
index 358ef05..b626f61 100755
--- a/kdumpctl
+++ b/kdumpctl
@@ -317,13 +317,6 @@ function propagate_ssh_key()
exit 1
fi
- #Check if selinux is on... must flip to permissive mode
- #for the moment to create key, then flip back...
- se_enforce=`/usr/sbin/sestatus | grep -c "^Current mode.*enforcing"`
- if [ "$se_enforce" -ge 1 ]; then
- /usr/sbin/setenforce 0 2>&1 > /dev/null
- fi
-
local KEYFILE=$SSH_KEY_LOCATION
local errmsg="Failed to propagate ssh key"
@@ -335,11 +328,6 @@ function propagate_ssh_key()
/usr/bin/ssh-keygen -t rsa -f $KEYFILE -N "" 2>&1 > /dev/null
echo "done."
fi
-
- #If necessary, flip selinux back to enforcing
- if [ "$se_enforce" -ge 1 ]; then
- /usr/sbin/setenforce 1 2>&1 > /dev/null
- fi
#now find the target ssh user and server to contact.
SSH_USER=`echo $DUMP_TARGET | cut -d\ -f2 | cut -d@ -f1`
--
1.8.3.1
_______________________________________________
kexec mailing list
kexec(a)lists.fedoraproject.org
https://lists.fedoraproject.org/mailman/listinfo/kexec