[redhat-lspp] Re: MLS Policy (rawhide)
Stephen Smalley
sds at tycho.nsa.gov
Fri Sep 8 20:03:33 UTC 2006
On Fri, 2006-09-08 at 14:47 -0500, Michael C Thompson wrote:
> Stephen Smalley wrote:
> > On Fri, 2006-09-08 at 14:28 -0500, Michael C Thompson wrote:
> >> Daniel J Walsh wrote:
> >>> Michael C Thompson wrote:
> >>>> Hey all,
> >>>>
> >>>> It seems that ssh is unable to add entries to known_hosts for the root
> >>>> user as sysadm_t. Is this a known issue? And if so, who can add
> >>>> entries to /root/.ssh/known_hosts ?
> >>>>
> >>>> Thanks,
> >>>> Mike
> >>>>
> >>> This works for me. How is the file labeled?
> >> # ls -alZ /root/.ssh
> >> drwx------ root root root:object_r:user_home_ssh_t:SystemLow .
> >> drwxr-x--- root root
> >> root:object_r:sysadm_home_dir_t:SystemLow-SystemHigh ..
> >> -rw------- root root root:object_r:bin_t:SystemLow id_rsa
> >> -rw-r--r-- root root root:object_r:bin_t:SystemLow id_rsa.pub
> >> -rw-r--r-- root root root:object_r:user_home_ssh_t:SystemLow known_hosts
> >
> > /sbin/restorecon -R /root/.ssh
>
> I have relabeled this system numerous times with touch /.autorelabel...
> why wasn't this picked up?
Not sure, not a big fan of autorelabeling myself. Is /home on a
separate partition? Would it be mounted when the relabel runs from
rc.sysinit?
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list