[redhat-lspp] Re: MLS Policy (rawhide)
Michael C Thompson
thompsmc at us.ibm.com
Fri Sep 8 20:07:50 UTC 2006
Stephen Smalley wrote:
> On Fri, 2006-09-08 at 14:47 -0500, Michael C Thompson wrote:
>> Stephen Smalley wrote:
>>> On Fri, 2006-09-08 at 14:28 -0500, Michael C Thompson wrote:
>>>> Daniel J Walsh wrote:
>>>>> Michael C Thompson wrote:
>>>>>> Hey all,
>>>>>>
>>>>>> It seems that ssh is unable to add entries to known_hosts for the root
>>>>>> user as sysadm_t. Is this a known issue? And if so, who can add
>>>>>> entries to /root/.ssh/known_hosts ?
>>>>>>
>>>>>> Thanks,
>>>>>> Mike
>>>>>>
>>>>> This works for me. How is the file labeled?
>>>> # ls -alZ /root/.ssh
>>>> drwx------ root root root:object_r:user_home_ssh_t:SystemLow .
>>>> drwxr-x--- root root
>>>> root:object_r:sysadm_home_dir_t:SystemLow-SystemHigh ..
>>>> -rw------- root root root:object_r:bin_t:SystemLow id_rsa
>>>> -rw-r--r-- root root root:object_r:bin_t:SystemLow id_rsa.pub
>>>> -rw-r--r-- root root root:object_r:user_home_ssh_t:SystemLow known_hosts
>>> /sbin/restorecon -R /root/.ssh
>> I have relabeled this system numerous times with touch /.autorelabel...
>> why wasn't this picked up?
>
> Not sure, not a big fan of autorelabeling myself.
Me either, not sure how it got some messed up though.
> Is /home on a
> separate partition? Would it be mounted when the relabel runs from
> rc.sysinit?
Well, it wasn't in /home, but even then that isn't the case. But it
works now, so thanks Stephen :)
Mike
More information about the redhat-lspp
mailing list