List Archive: gentoo-hardened
Headers:
To: gentoo-hardened@g.o
From: Mike Edenfield <kutulu@...>
Subject: Cannot get openssh to set correct user contexts...
Date: Thu, 04 Oct 2007 17:36:01 -0400
I'm setting up a SELinux-based server, which I have done numerous times, 
but for some reason I cannot get OpenSSH to set the correct user 
contexts for staff logins.

Note that logins work fine at the console, so this is definitely an 
OpenSSH problem.  However, I've checked everything I can think of and 
nothing is set wrong.

I have added myself as an SELinux login associated with the staff_u 
user, and indeed when I log in at the console it puts me into staff_r.

I've added myself as an SELinux login associated with staff_u:
Login Name                SELinux User

__default__               user_u
kutulu                    staff_u
root                      root
system_u                  system_u

But when I log in via ssh, I'm in the user_r role, and sestatus gives me 
this:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 21
Policy from config file:        strict

Process contexts:
Current context:                user_u:user_r:user_t
Init context:                   system_u:system_r:init_t
/sbin/agetty                    system_u:system_r:getty_t
/usr/sbin/sshd                  system_u:system_r:sshd_t

File contexts:
Controlling term:               user_u:object_r:user_devpts_t
/sbin/init                      system_u:object_r:init_exec_t
/sbin/agetty                    system_u:object_r:getty_exec_t
/bin/login                      system_u:object_r:login_exec_t
/sbin/rc                        system_u:object_r:initrc_exec_t
/sbin/runscript.sh              system_u:object_r:initrc_exec_t
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t
/usr/sbin/unix_chkpwd           system_u:object_r:chkpwd_exec_t
/etc/passwd                     system_u:object_r:etc_t
/etc/shadow                     system_u:object_r:shadow_t
/bin/sh                         system_u:object_r:bin_t -> system_u:object_r:shell_exec_t
/bin/bash                       system_u:object_r:shell_exec_t
/usr/bin/newrole                system_u:object_r:newrole_exec_t
/lib/libc.so.6                  system_u:object_r:lib_t -> system_u:object_r:shlib_t
/lib/ld-linux.so.2              system_u:object_r:lib_t -> system_u:object_r:ld_so_t


I get no errors from ssh itself that would indicate an inability to get 
the user context, and no audit messages that would indicate that 
something went wrong with SELinux.  I dunno what else to check.  Can 
anyone help me out here?

--Mike
-- 
gentoo-hardened@g.o mailing list
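A check for the mismatch described in this post, as an added example that is not part of the original message: it parses a `semanage login -l` style table and the `Current context:` line of `sestatus` output (constructed samples copied from the post) and reports whether the session's SELinux user matches the one the login mapping assigns.

```python
import re

# Constructed sample, copied from the post: the SELinux login mapping table.
LOGIN_TABLE = """\
Login Name                SELinux User

__default__               user_u
kutulu                    staff_u
root                      root
system_u                  system_u
"""
# Constructed sample, copied from the post: the relevant sestatus lines.
SESTATUS_OUTPUT = """\
Process contexts:
Current context:                user_u:user_r:user_t
"""


def parse_login_table(text):
    """Return {login_name: selinux_user} from a `semanage login -l` listing."""
    mapping = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] == "Login":  # blank or header row
            continue
        mapping[parts[0]] = parts[1]
    return mapping


def expected_selinux_user(mapping, login):
    """An explicit login entry wins; anything else falls back to __default__."""
    return mapping.get(login, mapping.get("__default__"))


def current_context(text):
    """Extract the process context from the 'Current context:' line of sestatus."""
    match = re.search(r"^Current context:\s*(\S+)", text, re.MULTILINE)
    if match is None:
        raise ValueError("no 'Current context:' line in sestatus output")
    return match.group(1)


def check_session(login, mapping_text, sestatus_text):
    """Return (ok, expected_selinux_user, actual_context) for one login session."""
    expected = expected_selinux_user(parse_login_table(mapping_text), login)
    context = current_context(sestatus_text)
    actual_user = context.split(":")[0]  # context is user:role:type[:range]
    return actual_user == expected, expected, context


if __name__ == "__main__":
    ok, expected, ctx = check_session("kutulu", LOGIN_TABLE, SESTATUS_OUTPUT)
    print("mapped to %s, running as %s -> %s" % (expected, ctx, "OK" if ok else "MISMATCH"))
```

Run against a live box, the two inputs come from `semanage login -l` and from `sestatus -v` inside the ssh session being checked.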


Replies:
Re: Cannot get openssh to set correct user contexts...
-- Adam James
Re: Cannot get openssh to set correct user contexts...
-- Chris PeBenito
Updated Jun 17, 2009