selinux adventures/troubles

Daniel J Walsh dwalsh at redhat.com
Tue Jan 6 14:15:25 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michal Jaegermann wrote:
> On Sun, Jan 04, 2009 at 02:29:44PM -0500, Daniel J Walsh wrote:
>> If you execute service sshd restart from the unconfined_t user does it
>> still start as system_crond_t?
> 
> # /etc/init.d/sshd restart
> Stopping sshd:                                             [  OK  ]
> Starting sshd:                                             [  OK  ]
> # ps -eZ | grep ssh
> system_u:system_r:system_crond_t:s0 23026 ?    00:00:00 sshd
> system_u:system_r:system_crond_t:s0 23074 ?    00:00:00 sshd
> 
> and the same after logging out and loging back in.
> 
> /usr/sbin/sshd has system_u:object_r:sshd_exec_t:s0 for its label.
> 
>> I actually just upgraded my Fathers machine from F8 to F10 and had a
>> problem with the root account not being setup to login correctly.  But I
>> saw no problems with sshd?
> 
> Other problems may show up yet.  I do not know.
> 
> I do not think that this happens consistently across installations
> and so far I do not see any rhyme or reason.  On another box you may
> not even notice that something is amiss.  It is not hard to imagine
> that you _think_ that you have a selinux protection after an upgrade
> while in reality everything is totally out-of-whack.
> 
> The other machine which went through F8->F10 upgrade, and which I
> was using for comparisons, does not give me any grief but I am not
> sure if it really looks like it should.
> 
>    Michal
> 
Can you execute

yum reinstall selinux-policy-targeted


and tell me if it gives you any errors?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkljZ30ACgkQrlYvE4MpobPvVACgq355BHSRYWjboVp9jbhQO3o2
XNsAnRMtAMVeClVRZERowE3ULxVEuuy9
=YCRs
-----END PGP SIGNATURE-----




More information about the fedora-test-list mailing list