On Fri, Jan 26, 2007 at 12:54:44PM -0800, Kylene Jo Hall wrote:
> More test data:
>
> ssh testuer/user_r/s#:c0,[EMAIL PROTECTED] works for every value of # between
> 0 and 15 except 2.

I can reproduce this, and it appears to be related to label translations.
This is in the /etc/selinux/mls/setrans.conf file:

# Secret level with compartments
s2=Secret
s2:c0=A
s2:c1=B

Commenting out these entries makes login work again.

Failed login:

type=USER_ROLE_CHANGE msg=audit(1170092360.977:951): user pid=2498 uid=0
auid=4294967295 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='sshd:
default-context=staff_u:staff_r:staff_t:s0-s15:c0.c1023
selected-context=staff_u:staff_r:staff_t:Secret:A,B: exe="/usr/sbin/sshd"
(hostname=?, addr=?, terminal=? res=failed)'

Successful login (translation commented out):

type=USER_ROLE_CHANGE msg=audit(1170092403.742:991): user pid=2553 uid=0
auid=4294967295 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='sshd:
default-context=staff_u:staff_r:staff_t:s0-s15:c0.c1023
selected-context=staff_u:staff_r:staff_t:s2:c0,c1: exe="/usr/sbin/sshd"
(hostname=?, addr=?, terminal=? res=success)'

Is "Secret:A,B" correct syntax?

-Klaus
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
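
Added example, not part of the original message or of any SELinux tooling: a triage helper that parses USER_ROLE_CHANGE records like the two quoted above and flags failed role changes whose selected-context carries a translated MLS label instead of a raw sN:cN one. The function names and the raw-label regex are assumptions made for this illustration; the sample input is the two records from the message, rejoined onto one line each.

```python
import re

# The two audit records quoted in the message above, rejoined onto one line each.
SAMPLE_LOG = """\
type=USER_ROLE_CHANGE msg=audit(1170092360.977:951): user pid=2498 uid=0 auid=4294967295 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='sshd: default-context=staff_u:staff_r:staff_t:s0-s15:c0.c1023 selected-context=staff_u:staff_r:staff_t:Secret:A,B: exe="/usr/sbin/sshd" (hostname=?, addr=?, terminal=? res=failed)'
type=USER_ROLE_CHANGE msg=audit(1170092403.742:991): user pid=2553 uid=0 auid=4294967295 subj=system_u:system_r:sshd_t:s0-s15:c0.c1023 msg='sshd: default-context=staff_u:staff_r:staff_t:s0-s15:c0.c1023 selected-context=staff_u:staff_r:staff_t:s2:c0,c1: exe="/usr/sbin/sshd" (hostname=?, addr=?, terminal=? res=success)'
"""

# Assumed shape of an untranslated MLS level: sN, optionally followed by
# :cN categories joined with "," (list) or "." (range); a range is low-high.
_LEVEL = r"s\d+(?::c\d+(?:[.,]c\d+)*)?"
RAW_RANGE = re.compile(rf"{_LEVEL}(?:-{_LEVEL})?")
FIELD = re.compile(r"\b(default-context|selected-context|res)=([^\s')]+)")
SERIAL = re.compile(r"msg=audit\(([\d.]+:\d+)\)")


def mls_field(context):
    """Return the part after user:role:type (the MLS level or range)."""
    # sshd writes a ':' separator after the context, so strip it first.
    parts = context.rstrip(":").split(":", 3)
    return parts[3] if len(parts) == 4 else ""


def parse_role_change(record):
    """Pull event id, selected MLS label and result out of one record."""
    if not record.startswith("type=USER_ROLE_CHANGE"):
        return None
    fields = dict(FIELD.findall(record))
    serial = SERIAL.search(record)
    mls = mls_field(fields.get("selected-context", ""))
    return {
        "event": serial.group(1) if serial else None,
        "mls": mls,
        "raw": bool(RAW_RANGE.fullmatch(mls)),
        "res": fields.get("res"),
    }


def translated_failures(log):
    """Failed role changes whose selected context is not in raw form."""
    events = filter(None, map(parse_role_change, log.splitlines()))
    return [e for e in events
            if e["res"] == "failed" and e["mls"] and not e["raw"]]


if __name__ == "__main__":
    for hit in translated_failures(SAMPLE_LOG):
        print(hit["event"], hit["mls"])
```
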