On Thu, 2007-08-30 at 09:31 +0200, Paul Rauch wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Chris PeBenito wrote:
> > On Tue, 2007-08-28 at 15:03 +0200, Paul Rauch wrote:
> >> Chris PeBenito wrote:
> >>> On Fri, 2007-08-24 at 10:43 +0200, Paul Rauch wrote:
> >>>> Hello list,
> >>>> after I installed selinux sshd does not work anymore.
> >>>> it fails to bind to port 22:
> >>>> "[sshd] error: Bind to port 22 on 0.0.0.0 failed: Address already in
> >>>> use".
> >>>> I already tried to fix it according to the troubleshooting:
> >>> Do you have any denial messages in dmesg/syslog?
> >>>
> >> I now managed to get things labeled correctly,
> >> and it now does not produce the can't bind to port message anymore.
> >> but still it does not allow me to login remotely.
> >> I don't know why, though.
> >> but the output from netstat -nlp confuses me (see attachment)
> >>
> >> and yes, it sends out some errors (this happens when running
> >> /etc/init.d/sshd restart):
> >>
> >> Aug 28 16:59:39 [sshd] Received signal 15; terminating.
> >> Aug 28 16:59:40 [kernel] audit(1188313180.050:92): avc: denied { read
> >> } for pid=6805 comm="sshd" name="lib" dev=hda3 ino=48675
> >> scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:default_t
> >> tclass=lnk_file
> >> Aug 28 16:59:40 [sshd] Server listening on 0.0.0.0 port 22.
> >
> > Is this an amd64 system? If so, is the /lib symlink default_t?
> >
> Yes, it is.
> Then I should change it to lib_t somehow, or?
> at least lib32 and lib64 have these values.
>
> I now ran "chcon -h -t lib_t /lib"
> now it works :)
> but I read that this will be altered again, if I relabel the entire
> filesystem, which means I should add this to the policy, in order to
> make it permanent.
> thank you for your help :)

Yes. The next base-policy release will have this too.

--
Chris PeBenito <[EMAIL PROTECTED]>
Developer, Hardened Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
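
The denial quoted in this thread can be triaged mechanically. The following is an added example, not code from the thread or from the Hardened Gentoo project: it parses an AVC denial line and flags targets whose type suggests that no file-context rule matched. The function names and the `GENERIC_TYPES` set are assumptions made for this example.

```python
import re

# Constructed sample: the denial quoted in the thread, unwrapped onto one line.
SAMPLE = ('Aug 28 16:59:40 [kernel] audit(1188313180.050:92): avc: denied { read } '
          'for pid=6805 comm="sshd" name="lib" dev=hda3 ino=48675 '
          'scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:default_t '
          'tclass=lnk_file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption for this example: target types that usually indicate a file
# that received a fallback label rather than a specific one.
GENERIC_TYPES = {'default_t', 'unlabeled_t', 'file_t'}


def parse_avc(line):
    """Return a dict describing one AVC denial, or None for other log lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    denial = {'perms': m.group('perms').split(), **fields}
    # A context is user:role:type[:level]; the type is what policy rules act on.
    for key in ('scontext', 'tcontext'):
        parts = fields.get(key, '').split(':', 3)
        if len(parts) >= 3:
            denial[key + '_type'] = parts[2]
    return denial


def looks_mislabeled(denial):
    """True when the target carries a generic fallback type."""
    return denial.get('tcontext_type') in GENERIC_TYPES


def summarize(denial):
    """One-line triage summary for a parsed denial."""
    note = ' (generic label, check file contexts)' if looks_mislabeled(denial) else ''
    return '{} denied {} on {} "{}" labeled {}{}'.format(
        denial.get('scontext_type'), ','.join(denial['perms']),
        denial.get('tclass'), denial.get('name'), denial.get('tcontext_type'), note)


if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```
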
