[running latest FC3T1 w/ latest mods from devel tree, strict/enforcing kernel-2.6.7-1.494, openssh-3.8.1p1-4]
Attempting to scp into this host fails with 'Read from remote host HOST: connection reset by peer'
/var/log/messages on this host shows:
Jul 22 12:05:18 fedora sshd(pam_unix)[13899]: session opened for user root by (uid=0)
Jul 22 12:05:18 fedora kernel: audit(1090523118.784:0): avc: denied { transition } for pid=13899 exe=/usr/sbin/sshd
Jul 22 12:05:26 fedora sshd(pam_unix)[13902]: session opened for user root by (uid=0)
Jul 22 12:05:26 fedora kernel: audit(1090523126.143:0): avc: denied { transition } for pid=13902 exe=/usr/sbin/sshd
[There appear to be 145 blank characters after 'kernel:' and before 'audit(' on the lines above.]
/usr/sbin/sshd appears to be labeled correctly:
-rwxr-xr-x root root system_u:object_r:sshd_exec_t /usr/sbin/sshd
tom
On Fri, 23 Jul 2004 06:25, Tom London selinux@comcast.net wrote:
[running latest FC3T1 w/ latest mods from devel tree, strict/enforcing kernel-2.6.7-1.494, openssh-3.8.1p1-4]
Attempting to scp into this host fails with 'Read from remote host HOST: connection reset by peer'
Please send me a .tgz format copy of your policy source directory after running "make clean". Also let me know whether you have sshd run from inetd or as a daemon.
[There appear to be 145 blank characters after 'kernel:' and before 'audit(' on the lines above.]
This is a kernel bug we've seen before. It seemed to appear after the transition to the new auditing model.
Uhhh.... I just installed the latest strict policy (selinux-policy-strict-sources-1.15.7-4) and sshd now works......
These are now the only messages from 'ssh localhost':
Jul 23 09:14:30 fedora kernel: audit(1090599270.275:0): avc: denied { write } for pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2 ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Jul 23 09:14:30 fedora kernel: audit(1090599270.324:0): avc: denied { write } for pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2 ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Jul 23 09:14:34 fedora sshd(pam_unix)[13809]: session opened for user root by root(uid=0)
tom
Russell Coker wrote:
On Fri, 23 Jul 2004 06:25, Tom London selinux@comcast.net wrote:
[running latest FC3T1 w/ latest mods from devel tree, strict/enforcing kernel-2.6.7-1.494, openssh-3.8.1p1-4]
Attempting to scp into this host fails with 'Read from remote host HOST: connection reset by peer'
Please send me a .tgz format copy of your policy source directory after running "make clean". Also let me know whether you have sshd run from inetd or as a daemon.
[There appear to be 145 blank characters after 'kernel:' and before 'audit(' on the lines above.]
This is a kernel bug we've seen before. It seemed to appear after the transition to the new auditing model.
On Thu, 2004-07-22 at 16:25, Tom London wrote:
[running latest FC3T1 w/ latest mods from devel tree, strict/enforcing kernel-2.6.7-1.494, openssh-3.8.1p1-4]
Attempting to scp into this host fails with 'Read from remote host HOST: connection reset by peer'
Looks like run_ssh_inetd tunable was enabled (wrongly) in tunable.te; this replaces the normal transition from initrc_t (normal daemon startup) with one from inetd_t (inetd-based startup), so sshd is left in the wrong domain.
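
The AVC denials quoted in this thread can be triaged mechanically. The following is an added example, not code from any poster or from the policy sources: it parses 'avc: denied' lines into fields, tolerates records that carry no scontext/tcontext/tclass (as the sshd ones here do), groups repeats, and lists the sshd PIDs that were denied a transition. The function names are hypothetical; the sample lines are copied from the messages above.

```python
import re
from collections import Counter

# Log lines copied from the messages in this thread (runs of blanks collapsed).
SAMPLE_LOG = """\
Jul 22 12:05:18 fedora sshd(pam_unix)[13899]: session opened for user root by (uid=0)
Jul 22 12:05:18 fedora kernel: audit(1090523118.784:0): avc: denied { transition } for pid=13899 exe=/usr/sbin/sshd
Jul 22 12:05:26 fedora kernel: audit(1090523126.143:0): avc: denied { transition } for pid=13902 exe=/usr/sbin/sshd
Jul 23 09:14:30 fedora kernel: audit(1090599270.275:0): avc: denied { write } for pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2 ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t tcontext=system_u:object_r:krb5_conf_t tclass=file
Jul 23 09:14:30 fedora kernel: audit(1090599270.324:0): avc: denied { write } for pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2 ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t tcontext=system_u:object_r:krb5_conf_t tclass=file
"""

AVC_RE = re.compile(
    r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)"
)

def parse_avc(line):
    """Return a dict for an 'avc: denied' line, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    rec["perms"] = tuple(m["perms"].split())
    rec["epoch"] = float(m["epoch"])
    # Records like the sshd ones above carry no contexts or class at all.
    rec["incomplete"] = not {"scontext", "tcontext", "tclass"} <= rec.keys()
    return rec

def se_type(context):
    """Extract the type from a user:role:type context; None if absent."""
    parts = (context or "").split(":")
    return parts[2] if len(parts) >= 3 else None

def summarize(log_text):
    """Count denials per (exe, perms, source type, target type, class)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            counts[(rec.get("exe"), rec["perms"], se_type(rec.get("scontext")),
                    se_type(rec.get("tcontext")), rec.get("tclass"))] += 1
    return counts

def transition_denials(log_text, exe="/usr/sbin/sshd"):
    """PIDs of processes run from `exe` that were denied a domain transition."""
    recs = filter(None, map(parse_avc, log_text.splitlines()))
    return [r["pid"] for r in recs if r.get("exe") == exe and "transition" in r["perms"]]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, key)
    print("sshd transition denials, pids:", transition_denials(SAMPLE_LOG))
```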