<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Uhhh.... I just installed the latest strict policy <br>
(selinux-policy-strict-sources-1.15.7-4) and<br>
sshd now works......<br>
<br>
These are now the only messages from<br>
'ssh localhost':<br>
Jul 23 09:14:30 fedora kernel: audit(1090599270.275:0): avc: denied {
write } for pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2
ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t
tcontext=system_u:object_r:krb5_conf_t tclass=file<br>
Jul 23 09:14:30 fedora kernel: audit(1090599270.324:0): avc: denied {
write } for pid=13806 exe=/usr/bin/ssh name=krb5.conf dev=hda2
ino=4474826 scontext=root:sysadm_r:sysadm_ssh_t
tcontext=system_u:object_r:krb5_conf_t tclass=file<br>
Jul 23 09:14:34 fedora sshd(pam_unix)[13809]: session opened for user
root by root(uid=0)<br>
<br>
tom<br>
<br>
Russell Coker wrote:
<blockquote cite="mid200407231514.57613.russell@coker.com.au"
type="cite">
<pre wrap="">On Fri, 23 Jul 2004 06:25, Tom London <a class="moz-txt-link-rfc2396E" href="mailto:selinux@comcast.net"><selinux@comcast.net></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">[running latest FC3T1 w/ latest mods from devel tree, strict/enforcing
kernel-2.6.7-1.494, openssh-3.8.1p1-4]
Attempting to scp into this host fails with
'Read from remote host HOST: connection reset by peer'
</pre>
</blockquote>
<pre wrap=""><!---->
Please send me a .tgz format copy of your policy source directory after
running "make clean". Also let me know whether you have sshd run from inetd
or as a daemon.
</pre>
<blockquote type="cite">
<pre wrap="">[There appear to be 145 blank characters after 'kernel:' and before
'audit(' on the lines above.]
</pre>
</blockquote>
<pre wrap=""><!---->
This is a kernel bug we've seen before. It seemed to appear after the
transition to the new auditing model.
</pre>
</blockquote>
</body>
</html>