Reply To: Dr. Jayakumar J S
Date: Thu, 10 Feb 2011 12:29:35 +0530
Dear SL developer and user,
I am testing the 28 Jan 2011 SL6 beta release. There is a problem
with ssh. Pls see the terminal output.
[jsjayan@krishna ~]$ ssh labuser@serene
labuser@serene's password:
Permission denied, please try again.
labuser@serene's password:
Could not chdir to home directory /disk1/labuser: Permission denied
/usr/bin/xauth: timeout in locking authority file
/disk1/labuser/.Xauthority
[labuser@serene /]$
Finally it logs on the machine. However no X program can be executed.
A SELinux log is created in the host machine. It is as follows:
Summary:
SELinux is preventing /usr/sbin/sshd "search" access on labuser.
Detailed Description:
SELinux denied access requested by sshd. It is not expected that this
access is required by sshd and this access may signal an intrusion attempt.
It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.
Additional Information:
Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context system_u:object_r:default_t:s0
Target Objects labuser [ dir ]
Source sshd
Source Path /usr/sbin/sshd
Port <Unknown>
Host serene
Source RPM Packages openssh-server-5.3p1-20.el6
Target RPM Packages
Policy RPM selinux-policy-3.7.19-54.el6
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name serene
Platform Linux serene 2.6.32-71.el6.x86_64
#1 SMP Tue Nov 23 06:49:13 CST 2010
x86_64 x86_64
Alert Count 16
First Seen Wed 09 Feb 2011 03:07:11 PM IST
Last Seen Wed 09 Feb 2011 03:58:39 PM IST
Local ID a34a607e-2e13-4b24-9aaa-207ba8248d04
Line Numbers
Raw Audit Messages
node=serene.rpd.barc.gov.in type=AVC msg=audit(1297247319.903:173):
avc: denied { search } for pid=4500 comm="sshd" name="labuser"
dev=dm-2 ino=1572865 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:default_t:s0 tclass=dir
node=serene.rpd.barc.gov.in type=SYSCALL msg=audit(1297247319.903:173):
arch=c000003e syscall=80 success=no exit=-13 a0=7f12868d8c20 a1=ffffffff
a2=9 a3=0 items=0 ppid=4499 pid=4500 auid=502 uid=502 gid=502 euid=502
suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=pts1 ses=17
comm="sshd" exe="/usr/sbin/sshd"
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
Note that this problem happens only if the login directory (home folder)
of the user is not in /home. Say, for example, it is in /disk1. This
puts restrictions on systems having multiple disks and a large number of
users. This problem was not happening with SL5.5 and earlier releases.
Pls. take care of this in the release.
Best wishes
--
Dr. Jayakumar J. S.
**
** in a free world without fences, who needs gates?
** help microsoft stamp out piracy - give linux to a friend today.
** to mess up a linux box, you need to work at it. to mess up an ms
windows box, you just need to **look** at it.
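
Added example, not part of the original message: a small Python parser for the AVC record quoted above that extracts the source and target types and separates "target has only a fallback label" denials (here default_t on /disk1/labuser) from denials against a specifically labeled object. The names parse_avc, triage and FALLBACK_TYPES are assumptions made for this sketch, and the second record is constructed for contrast.

```python
import re

# Raw AVC record quoted in the post above, with the e-mail line wraps joined.
POSTED_AVC = (
    'node=serene.rpd.barc.gov.in type=AVC msg=audit(1297247319.903:173): '
    'avc: denied { search } for pid=4500 comm="sshd" name="labuser" '
    'dev=dm-2 ino=1572865 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:default_t:s0 tclass=dir'
)
# Constructed contrast record (not from the post): target has a specific type.
CONSTRUCTED_AVC = (
    'type=AVC msg=audit(1297247400.000:200): avc: denied { read } for '
    'pid=4600 comm="httpd" name="index.html" dev=dm-2 ino=1572900 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
# Types assigned when no file-context rule matched or no valid label exists.
FALLBACK_TYPES = {'default_t', 'file_t', 'unlabeled_t'}


def parse_avc(line):
    """Return a dict of AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))
    rec = {k: v.strip('"') for k, v in pairs}
    rec['result'] = m.group(1)
    rec['perms'] = m.group(2).split()
    # A context is user:role:type:level; the level may itself contain ':'.
    for key, out in (('scontext', 'stype'), ('tcontext', 'ttype')):
        parts = rec.get(key, '').split(':', 3)
        rec[out] = parts[2] if len(parts) >= 3 else None
    return rec


def triage(rec):
    """'labeling': inspect the path's file context (matchpathcon, restorecon)
    before writing any allow rule. 'policy': the object is specifically
    labeled, so the denial needs a policy-level review."""
    if rec['result'] == 'denied' and rec['ttype'] in FALLBACK_TYPES:
        return 'labeling'
    return 'policy'


if __name__ == '__main__':
    for line in (POSTED_AVC, CONSTRUCTED_AVC):
        r = parse_avc(line)
        print(r['stype'], r['perms'], r['ttype'], r['tclass'], triage(r))
```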