[redhat-lspp] unable to determine correct user context on login

Loulwa Salem loulwas at us.ibm.com
Fri Mar 9 21:30:31 UTC 2007


Hi Dan,
This is more info on the problem I talked to you about on IRC. I am not sure if
I'm missing something, or it is actually a bug with the latest packages (note, I
saw this on two systems, ppc and x86_64, installed fresh with the latest).

Description:
I have a user created on the system called ealuser. I try to log in using it as in:
      ssh -l ealuser/sysadm_r/s0-s15:c0.c1023 localhost
The command above fails with ..
Read from remote host localhost: Connection reset by peer
Connection to localhost closed.

I see these messages in /var/log/messages
Mar  9 10:42:03 joy-hv4 sshd[15929]: Accepted keyboard-interactive/pam for ealuser from 127.0.0.1 port 43600 ssh2
Mar  9 10:42:04 joy-hv4 sshd[15929]: error: deny MLS level s0-s15:c0.c1023 (user range s0-s15:c0.c1023)
Mar  9 10:42:04 joy-hv4 sshd[15929]: error: Failed to get default security context for ealuser.
Mar  9 10:42:04 joy-hv4 sshd[15929]: fatal: SELinux failure. Aborting connection.


I am running in Enforcing and I have the ssh_sysadm_login boolean turned on.
I am on the latest rhel code, with lspp.67 and latest packages updated from 
Steve's lspp repo (policy-42, mcstrans-0.2.3-1.el5)


Additional Info:
----------------
Here is the relevant semanage user -l output
SELinux User    Prefix     MCS Level  MCS Range              SELinux Roles
staff_u         staff      SystemLow  SystemLow-SystemHigh   sysadm_r staff_r secadm_r auditadm_r

and the semanage login -l output
Login Name                SELinux User              MLS/MCS Range
ealuser                   staff_u                   SystemLow-SystemHigh

Has anyone seen similar behavior?

Thanks,
- Loulwa



