[redhat-lspp] Problem SSH-ing into LSPP system with multiple categories

Kylene Jo Hall kjhall at us.ibm.com
Fri Jan 26 21:01:15 UTC 2007


More test data:


[root@rheal3a ~]# ssh testuser/user_r/s2:c0@localhost
Password:
Last login: Fri Jan 26 14:55:13 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:A
-bash-3.1$ exit
logout
Connection to localhost closed.
[root@rheal3a ~]# ssh testuser/user_r/s2:c1@localhost
Password:
Last login: Fri Jan 26 14:55:29 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:B
-bash-3.1$ exit
logout
Connection to localhost closed.
[root@rheal3a ~]# ssh testuser/user_r/s2:c3@localhost
Password:
Last login: Fri Jan 26 14:55:40 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s2:c3
-bash-3.1$ quit
-bash: quit: command not found
-bash-3.1$ exit
logout
Connection to localhost closed.
[root@rheal3a ~]# ssh testuser/user_r/s2:c2@localhost
Password:
Last login: Fri Jan 26 14:56:05 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ ls
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s2:c2
-bash-3.1$ quit
-bash: quit: command not found
-bash-3.1$ exit
logout
Connection to localhost closed.
[root@rheal3a ~]# ssh testuser/user_r/s2:c2,c3@localhost
Password:
Last login: Fri Jan 26 14:56:22 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s2:c2,c3
-bash-3.1$ exit
logout
Connection to localhost closed.
[root@rheal3a ~]#



On Fri, 2007-01-26 at 12:54 -0800, Kylene Jo Hall wrote:
> More test data:
> 
> ssh testuser/user_r/s#:c0,c1@localhost works for every value of # between
> 0 and 15 except 2.
> 
> Thanks,
> Kylie
> 
> On Fri, 2007-01-26 at 21:27 +0100, Tomas Mraz wrote:
> > On Fri, 2007-01-26 at 12:11 -0800, Kylene Jo Hall wrote:
> > > I have been unable to ssh into an LSPP system with multiple categories.
> > > 
> > > For example the following work:
> > > ssh testuser/user_r/s2@localhost
> > > ssh testuser/user_r/s2:c0@localhost
> > > ssh testuser/user_r/s2:c1@localhost
> > > 
> > > But these do not:
> > > ssh testuser/user_r/s2:c0.c1@localhost
> > > ssh testuser/user_r/s2:c0,c1@localhost
> > > 
> > > Policy version: selinux-policy-mls-2.4.6-28.el5
> > > Kernel version: kernel-2.6.18-1.3015.2.1.el5.lspp.63
> > > 
> > > We have tested this on multiple architectures to no avail.  Any
> > > suggestions?
> > Could you change LogLevel in /etc/ssh/sshd_config to DEBUG3 and look
> > in /var/log/secure to see what messages are there when the login fails?
> > 



