FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 01-09-2012, 01:33 PM
 
Default security contexts

In CentOS 6.2, I'm getting
sshd[6116]: pam_selinux(sshd:session): Security context
unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 is not allowed for

and

sshd[6116]: pam_selinux(sshd:session): Unable to get valid context for root

Googling shows me nothing useful - what's causing this? Is it a process or
a file that needs something changed? This is a production and home
directory server, so I can't touch /.autorelabel and reboot, though I can
certainly do whole directory trees.

mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 01-09-2012, 02:21 PM
Daniel J Walsh
 
Default security contexts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/09/2012 09:33 AM, m.roth@5-cent.us wrote:
> In CentOS 6.2, I'm getting sshd[6116]: pam_selinux(sshd:session):
> Security context unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
> is not allowed for
>
> and
>
> sshd[6116]: pam_selinux(sshd:session): Unable to get valid context
> for root
>
> Googling shows me nothing useful - what's causing this? Is it a
> process or a file that needs something changed? This is a
> production and home directory server, so I can't touch
> /.autorelabel and reboot, though I can certainly do whole directory
> trees.
>
> mark
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
ps -eZ | grep sshd.

You can run

fixfiles restore

Which would fix the labeling on your system without a reboot, it will
not guarantee that all processes are running with the correct label
though.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8LBggACgkQrlYvE4MpobPicQCcDmQNGNTPd3 EfjyJprgpcTbVW
YwQAn3KV6gXlEiT5BHFjgs3OweUFG9CC
=EF76
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 01-09-2012, 05:27 PM
 
Default security contexts

Daniel J Walsh wrote:
> On 01/09/2012 09:33 AM, m.roth@5-cent.us wrote:
>> In CentOS 6.2, I'm getting sshd[6116]: pam_selinux(sshd:session):
>> Security context unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
>> is not allowed for
>>
>> and
>>
>> sshd[6116]: pam_selinux(sshd:session): Unable to get valid context
>> for root
>>
>> Googling shows me nothing useful - what's causing this? Is it a
<snip>
> ps -eZ | grep sshd.
>

Did that, and see:
system_u:system_r:kernel_t:s0 11506 ? 00:00:00 sshd

> You can run
>
> fixfiles restore
<snip>
Did this on /dev, /root, /usr, /lib (and the filesystem with users' home
directories). I'm still getting
sshd[12558]: error: ssh_selinux_setup_pty: security_compute_relabel:
Invalid argument

Clues?

mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 01-09-2012, 07:14 PM
Daniel J Walsh
 
Default security contexts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/09/2012 01:27 PM, m.roth@5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 01/09/2012 09:33 AM, m.roth@5-cent.us wrote:
>>> In CentOS 6.2, I'm getting sshd[6116]:
>>> pam_selinux(sshd:session): Security context
>>> unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 is not
>>> allowed for
>>>
>>> and
>>>
>>> sshd[6116]: pam_selinux(sshd:session): Unable to get valid
>>> context for root
>>>
>>> Googling shows me nothing useful - what's causing this? Is it
>>> a
> <snip>
>> ps -eZ | grep sshd.
>>
>
> Did that, and see: system_u:system_r:kernel_t:s0 11506 ?
> 00:00:00 sshd
>
>> You can run
>>
>> fixfiles restore
> <snip> Did this on /dev, /root, /usr, /lib (and the filesystem with
> users' home directories). I'm still getting sshd[12558]: error:
> ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
>
> Clues?
>
> mark
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Yes since init was not labeled correctly or anything else. the entire
machine booted as kernel_t, and no transitions happened, now that you
have relabeled everthing, if you reboot all the labels should be correct.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8LSrgACgkQrlYvE4MpobPtpQCfUlyqmvhmI8 oB2yybGHRk6RIY
tSAAnjRIa03NLtBXZXhOcrCFH/CORdQl
=Ea23
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 05:35 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org