
sshd constraint violation issue



Together with Dan Walsh and Jan Chadima, we made some changes in the openssh
package.

But we have the following issue with the following code:

...

if (internal-sftp)
    setuid()
    getexecon(&scon)
    setcon(scon)
    freecon(scon)

...

We have

allow sshd_t unpriv_userdomain:process dyntransition

rule but we get a constraint violation with the following AVC msg

type=AVC msg=audit(1314348650.561:7910): avc:  denied  { dyntransition } for pid=555 comm="sshd" scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=staff_u:staff_r:staff_t:s0

because of

constrain process dyntransition
(
u1 == u2 and r1 == r2
)

My question is why dyntrans is not allowed to change USER or ROLE.


https://bugzilla.redhat.com/show_bug.cgi?id=729648

Regards,
Miroslav
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
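
Added example, not part of the original post: a small Python model that parses the AVC record quoted above and evaluates the type-enforcement allow rule and the `dyntransition` constraint separately, showing that the allow rule matches while the constraint fails on both user and role. It assumes `staff_t` carries the `unpriv_userdomain` attribute; the function names are hypothetical and this is not how the kernel implements the check.

```python
import re

# AVC record from the post, joined onto one line.
AVC = ('type=AVC msg=audit(1314348650.561:7910): avc:  denied  { dyntransition } for '
       'pid=555 comm="sshd" scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 '
       'tcontext=staff_u:staff_r:staff_t:s0')

# allow sshd_t unpriv_userdomain:process dyntransition (rule from the post)
ALLOW_RULES = [("sshd_t", "unpriv_userdomain", {"dyntransition"})]
# Assumption: staff_t is a member of the unpriv_userdomain attribute.
ATTRIBUTES = {"unpriv_userdomain": {"staff_t"}}

def split_context(ctx):
    """Split user:role:type[:mls]; the MLS range may itself contain ':'."""
    user, role, setype, *mls = ctx.split(":", 3)
    return {"user": user, "role": role, "type": setype,
            "mls": mls[0] if mls else None}

def parse_avc(line):
    """Return (permissions, source context, target context) from an AVC line."""
    perms = re.search(r"\{ ([^}]*) \}", line).group(1).split()
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    return perms, split_context(fields["scontext"]), split_context(fields["tcontext"])

def te_allowed(src, tgt, perm):
    """Type enforcement: does an allow rule cover (source type, target type, perm)?"""
    def names(t):  # a type matches by its own name or by any attribute it carries
        return {t} | {a for a, members in ATTRIBUTES.items() if t in members}
    return any(s in names(src["type"]) and t in names(tgt["type"]) and perm in p
               for s, t, p in ALLOW_RULES)

def failed_constraint_terms(src, tgt):
    """constrain process dyntransition ( u1 == u2 and r1 == r2 )"""
    terms = {"u1 == u2": src["user"] == tgt["user"],
             "r1 == r2": src["role"] == tgt["role"]}
    return [name for name, ok in terms.items() if not ok]

def explain(line):
    """Access needs both a matching allow rule and a satisfied constraint."""
    perms, src, tgt = parse_avc(line)
    report = {}
    for perm in perms:
        failed = failed_constraint_terms(src, tgt)
        te = te_allowed(src, tgt, perm)
        report[perm] = {"te_allow": te, "failed_terms": failed,
                        "granted": te and not failed}
    return report

if __name__ == "__main__":
    print(explain(AVC))
```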

