Package: selinux-policy-refpolicy-targeted
Version: 0.0.20070507-5
Severity: important
Remote logins via ssh fail with targeted reference policy.
Audit error message:
audit(1184954364.321:1975319): avc: denied { entrypoint } for pid=21508
comm="sshd" name="bash" dev=dm-0 ino=41107
scontext=user_u:system_r:system_chkpwd_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
patch (from http://www.pastebin.ca/628035):
--- policy/modules/services/ssh.te~ 2007-06-29 16:48:13.000000000 +0200
+++ policy/modules/services/ssh.te 2007-07-19 12:08:04.000000000 +0200
@@ -82,6 +82,7 @@
ifdef(`targeted_policy',`
unconfined_domain(sshd_t)
+ unconfined_shell_domtrans(sshd_t)
')
tunable_policy(`ssh_sysadm_login',`
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.22.1 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages selinux-policy-refpolicy-targeted depends on:
ii libpam-modules 0.79-4 Pluggable Authentication Modules f
ii libselinux1 2.0.15-2+b1 SELinux shared libraries
ii policycoreutils 2.0.16-1 SELinux core policy utilities
ii python 2.4.4-6 An interactive high-level object-o
Versions of packages selinux-policy-refpolicy-targeted recommends:
ii checkpolicy 2.0.2-1 SELinux policy compiler
ii setools 2.4-3 Tresys tools for managing Security
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
