Need help with SELinux and SGE/ssh

Daniel J Walsh dwalsh at redhat.com
Fri Aug 3 19:27:14 UTC 2007


Orion Poplawski wrote:
> I'm running Sun Grid Engine on a CentOS 5 cluster and am having 
> trouble with SELinux preventing the proper setup of parallel 
> environments. Turning SELinux off allows everything to work properly.
>
> The problem seems to be when SGE tries to use ssh to login to a remote 
> machine.  As part of this process, it starts up a private sshd daemon 
> to handle the connection.  The relevant error appears to be:
>
> type=USER_LOGIN msg=audit(1186001097.981:19489): user pid=12066 uid=0 
> auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct=steph: 
> exe="/usr/sbin/sshd" (hostname=?, addr=192.168.0.120, terminal=sshd 
> res=failed)'
> type=USER_ROLE_CHANGE msg=audit(1186001098.201:19491): user pid=12066 
> uid=0 auid=0 subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='sshd: 
> default-context=user_u:system_r:unconfined_t:s0 
> selected-context=user_u:system_r:unconfined_t:s0-s0:c0.c1023: 
> exe="/usr/sbin/sshd" (hostname=?, addr=?, terminal=? res=failed)'
>
> sshd reports:
> Aug  1 14:44:58 coop00 sshd[12066]: error: deny MLS level 
> SystemLow-SystemHigh (user range s0). Continuing in permissive mode
>
> I'm at a loss here.  Can anyone explain what is going on and what is 
> failing?  How can I make it work without running in permissive mode?
>
> Thanks!
>
What context is your sshd running under? 

Normal sshd runs under

system_u:system_r:sshd_t:SystemLow-SystemHigh

I think you might be having a problem if your sshd is only running at s0 
and trying to log people in at SystemLow-SystemHigh.
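
As an added illustration that is not part of the original message, the sketch below models the MLS range comparison behind the "deny MLS level SystemLow-SystemHigh (user range s0)" line, using the contexts from the audit records above. It is a simplified containment check, not sshd's or libselinux's code; the function names are hypothetical, and the SystemLow-SystemHigh translation is taken from how the page's own logs pair it with s0-s0:c0.c1023.

```python
import re

# Assumption: translated name as paired with the raw range in the logs above.
TRANSLATIONS = {"SystemLow-SystemHigh": "s0-s0:c0.c1023"}

def parse_level(level):
    """Parse 's0' or 's0:c0.c1023,c2000' into (sensitivity, categories)."""
    sens, _, cats = level.partition(":")
    m = re.fullmatch(r"s(\d+)", sens)
    if not m:
        raise ValueError(f"bad sensitivity in {level!r}")
    categories = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")      # 'c0.c1023' is an inclusive span
        categories.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return int(m.group(1)), frozenset(categories)

def parse_range(context):
    """Return (low, high) levels from a full context or a bare MLS range."""
    fields = context.split(":", 3)           # user:role:type:range
    mls = fields[3] if len(fields) == 4 else context
    mls = TRANSLATIONS.get(mls, mls)
    low, _, high = mls.partition("-")
    return parse_level(low), parse_level(high or low)

def dominates(a, b):
    """Level a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def range_within(requested, allowed):
    """True if the requested range lies inside the allowed range."""
    req_low, req_high = parse_range(requested)
    all_low, all_high = parse_range(allowed)
    return dominates(req_low, all_low) and dominates(all_high, req_high)

if __name__ == "__main__":
    selected = "user_u:system_r:unconfined_t:s0-s0:c0.c1023"  # selected-context
    print("fits user range s0:", range_within(selected, "s0"))
    normal_sshd = "system_u:system_r:sshd_t:SystemLow-SystemHigh"
    print("s0 login fits normal sshd range:",
          range_within("user_u:system_r:unconfined_t:s0", normal_sshd))
```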



