[redhat-lspp] Problem SSH-ing into LSPP system with multiple categories

Daniel J Walsh dwalsh at redhat.com
Fri Jan 26 22:31:12 UTC 2007


Kylene Jo Hall wrote:
> More test data:
>
>
> [root@rheal3a ~]# ssh testuser/user_r/s2:c0@localhost
> Password:
> Last login: Fri Jan 26 14:55:13 2007 from rheal3a.endicott.ibm.com
> -bash-3.1$ id
> uid=501(testuser) gid=501(testuser) groups=501(testuser)
> context=testuser_u:user_r:user_t:A
> -bash-3.1$ exit
> logout
> Connection to localhost closed.
> [root@rheal3a ~]# ssh testuser/user_r/s2:c1@localhost
> Password:
> Last login: Fri Jan 26 14:55:29 2007 from rheal3a.endicott.ibm.com
> -bash-3.1$ id
> uid=501(testuser) gid=501(testuser) groups=501(testuser)
> context=testuser_u:user_r:user_t:B
> -bash-3.1$ exit
> logout
> Connection to localhost closed.
> [root@rheal3a ~]# ssh testuser/user_r/s2:c3@localhost
> Password:
> Last login: Fri Jan 26 14:55:40 2007 from rheal3a.endicott.ibm.com
> -bash-3.1$ id
> uid=501(testuser) gid=501(testuser) groups=501(testuser)
> context=testuser_u:user_r:user_t:s2:c3
> -bash-3.1$ quit
> -bash: quit: command not found
> -bash-3.1$ exit
> logout
> Connection to localhost closed.
> [root@rheal3a ~]# ssh testuser/user_r/s2:c2@localhost
> Password:
> Last login: Fri Jan 26 14:56:05 2007 from rheal3a.endicott.ibm.com
> -bash-3.1$ ls
> -bash-3.1$ id
> uid=501(testuser) gid=501(testuser) groups=501(testuser)
> context=testuser_u:user_r:user_t:s2:c2
> -bash-3.1$ quit
> -bash: quit: command not found
> -bash-3.1$ exit
> logout
> Connection to localhost closed.
> [root@rheal3a ~]# ssh testuser/user_r/s2:c2,c3@localhost
> Password:
> Last login: Fri Jan 26 14:56:22 2007 from rheal3a.endicott.ibm.com
> -bash-3.1$ id
> uid=501(testuser) gid=501(testuser) groups=501(testuser)
> context=testuser_u:user_r:user_t:s2:c2,c3
> -bash-3.1$ exit
> logout
> Connection to localhost closed.
> [root@rheal3a ~]#
>
>
>
> On Fri, 2007-01-26 at 12:54 -0800, Kylene Jo Hall wrote:
>   
>> More test data:
>>
>> ssh testuser/user_r/s#:c0,c1@localhost works for every value of # between
>> 0 and 15 except 2.
>>
>> Thanks,
>> Kylie
>>
>> On Fri, 2007-01-26 at 21:27 +0100, Tomas Mraz wrote:
>>     
>>> On Fri, 2007-01-26 at 12:11 -0800, Kylene Jo Hall wrote:
>>>       
>>>> I have been unable to ssh into an LSPP system with multiple categories.
>>>>
>>>> For example the following work:
>>>> ssh testuser/user_r/s2@localhost
>>>> ssh testuser/user_r/s2:c0@localhost
>>>> ssh testuser/user_r/s2:c1@localhost
>>>>
>>>> But these do not:
>>>> ssh testuser/user_r/s2:c0.c1@localhost
>>>> ssh testuser/user_r/s2:c0,c1@localhost
>>>>
>>>> Policy version: selinux-policy-mls-2.4.6-28.el5
>>>> Kernel version: kernel-2.6.18-1.3015.2.1.el5.lspp.63
>>>>
>>>> We have tested this on multiple architectures to no avail.  Any
>>>> suggestions?
>>>>         
>>> Could you modify LogLevel in /etc/ssh/sshd_config to DEBUG3 and look
>>> into the /var/log/secure what messages are there when the login fails?
>>>
>>>       
>
>   



I am not able to recreate this here.

semanage user -l
semanage login -l
ps -eZ | grep ssh
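
The `semanage user -l` and `semanage login -l` listings include an MLS/MCS range per user. As an added example (not part of the original messages, and not code from openssh or the policy), the Python below parses the `user/role/level` login string used in this thread and checks the requested level against such a range. The range value is constructed, since the thread does not show the actual output.

```python
import re

def parse_level(level):
    """'s2:c0.c1,c5' -> (2, frozenset({0, 1, 5})); 'cN.cM' is an inclusive range."""
    sens, colon, cats = level.partition(":")
    if not re.fullmatch(r"s\d+", sens) or (colon and not cats):
        raise ValueError(f"bad level: {level!r}")
    categories = set()
    for term in cats.split(",") if cats else []:
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", term)
        if not m:
            raise ValueError(f"bad category term: {term!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if hi < lo:
            raise ValueError(f"descending category range: {term!r}")
        categories.update(range(lo, hi + 1))
    return int(sens[1:]), frozenset(categories)

def parse_range(mls_range):
    """'s0-s15:c0.c1023' -> (low, high); a single level is its own range."""
    low, _, high = mls_range.partition("-")
    return parse_level(low), parse_level(high or low)

def dominates(a, b):
    """a dominates b: sensitivity at least as high and a superset of categories."""
    return a[0] >= b[0] and a[1] >= b[1]

def level_allowed(login, mls_range):
    """login is the part before '@' in the ssh target: user/role/level."""
    user, role, level = login.split("/", 2)
    requested = parse_level(level)
    low, high = parse_range(mls_range)
    # Allowed when the requested level lies between the range's low and high.
    return dominates(requested, low) and dominates(high, requested)

if __name__ == "__main__":
    CONSTRUCTED_RANGE = "s0-s15:c0.c1023"   # sample value, not from the thread
    for login in ("testuser/user_r/s2:c0.c1", "testuser/user_r/s2:c0,c1"):
        print(login, level_allowed(login, CONSTRUCTED_RANGE))
```

Both spellings, `c0.c1` and `c0,c1`, parse to the same category set, so a range that admits one admits the other.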



