pxe boot, NFS, Text install problems, selinux won't let sshd run bash

Jerry Williams jwilliam at xmission.com
Sat Jan 27 04:17:42 UTC 2007 

>From text mode install after reboot doing first boot, Network configuration.

/usr/lib/python2.5/site-=packages/rhpl/Conf.py:275: DeprecationWarning:
raising a string exception is deprecated
Raise FileMIssing, self.filename + ' does not exist.'

[root at f7 ~]# grep -v ^Install install.log
warning: mailcap-2.1.23-1.fc6: Header V3 DSA signature: NOKEY, key ID
897da07a
warning: elinks-0.11.1-5.1: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2

[root at f7 ~]# cat selinux_alert.txt
Summary
    SELinux is preventing /usr/sbin/sshd (system_chkpwd_t) "entrypoint" to
    /bin/bash (shell_exec_t).

Detailed Description
    SELinux denied access requested by /usr/sbin/sshd. It is not expected
that
    this access is required by /usr/sbin/sshd and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional
access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for /bin/bash, restorecon -v
    /bin/bash If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to
allow
    this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information

Source Context
root:system_r:system_chkpwd_t:SystemLow-SystemHigh
Target Context                system_u:object_r:shell_exec_t
Target Objects                /bin/bash [ file ]
Affected RPM Packages         openssh-server-4.5p1-2.fc7
                              [application]bash-3.2-4.fc7 [target]
Policy RPM                    selinux-policy-2.5.1-5.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     f7.tinyfire.com
Platform                      Linux f7.tinyfire.com 2.6.19-1.2913.fc7 #1 SMP
Tue
                              Jan 23 17:55:44 EST 2007 i686 i686
Alert Count                   2
Line Numbers

Raw Audit Messages

avc: denied { entrypoint } for comm="sshd" dev=dm-0 egid=0 euid=0
exe="/usr/sbin/sshd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="bash"
path="/bin/bash" pid=2694
scontext=root:system_r:system_chkpwd_t:s0-s0:c0.c1023
sgid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:shell_exec_t:s0 tty=pts1 uid=0

Had to remove picture of the junk on the screen during the install.
Too big to post.
It happens at least 2 times during the install.

More information about the fedora-test-list mailing list