To work around this issue without patching and recompiling the policy:
cd /etc/selinux/ ; mkdir -p fixes ; cd fixes/
Create ssh_cat_fix.te
module ssh_cat_fix 1.0;
require {
type sshd_t;
}
typeattribute sshd_t mcssetcats;
checkmodule -m -M -o ssh_cat_fix.mod ssh_cat_fix.te
Package: selinux-policy-default
Version: 2:2.20110726-3
Severity: important
When protecting sshd with this policy, the transition that occurs when running
the user's shell is always denied, which prevents users from logging in:
type=AVC msg=audit(1349808486.496:121): avc: denied { transition }
2 matches
Mail list logo
