Re: PAM Security related issue

2017-12-13 Thread Aman Sharma
Hi All, Below is the output of the semanage user command for sftpuser: *specialuser_u user s0 s0 sysadm_r system_r* and for the command semanage login -l, the output is: *sftpuser specialuser_us0 ** *and also, after adding the debugging

Re: PAM Security related issue

2017-12-13 Thread Stephen Smalley
On Wed, 2017-12-13 at 21:40 +0530, Aman Sharma wrote: > Hi Stephen, > > Yes , I am using open env_params for it. But for this, my sftp is not > working and getting the below error message : > > Dec 13 13:00:00 aman authpriv 3 sshd: pam_selinux(sshd:session): > Unable to get valid context for

Re: PAM Security related issue

2017-12-13 Thread Dominick Grift
On Wed, Dec 13, 2017 at 09:40:25PM +0530, Aman Sharma wrote: > Hi Stephen, > > Yes , I am using open env_params for it. But for this, my sftp is not > working and getting the below error message : > > Dec 13 13:00:00 aman authpriv 3 sshd: pam_selinux(sshd:session): Unable to > get valid context

Re: PAM Security related issue

2017-12-13 Thread Aman Sharma
Hi Stephen, Yes , I am using open env_params for it. But for this, my sftp is not working and getting the below error message : Dec 13 13:00:00 aman authpriv 3 sshd: pam_selinux(sshd:session): Unable to get valid context for sftpuser Dec 13 13:00:00 aman authpriv 6 sshd: pam_unix(sshd:session):

Re: PAM Security related issue

2017-12-13 Thread Stephen Smalley
On Tue, 2017-12-12 at 23:47 -0500, Aman Sharma wrote: > Hi All, > > just wanted to know the meaning of line session    required    >  pam_selinux.so open env_params added in /etc/pam.d/sshd file. > Actually I am facing one issue related to this. When I changed this > env_params to restore then my

Re: [BUG]kernel softlockup due to sidtab_search_context run for long time because of too many sidtab context node

2017-12-13 Thread Stephen Smalley
On Wed, 2017-12-13 at 09:25 +, yangjihong wrote: > Hello,  > > I am doing stressing testing on 3.10 kernel(centos 7.4), to > constantly starting numbers of docker containers with selinux enabled, > and after about 2 days, the kernel softlockup panic: >    [] sched_show_task+0xb8/0x120 >  []

[BUG]kernel softlockup due to sidtab_search_context run for long time because of too many sidtab context node

2017-12-13 Thread yangjihong
Hello, I am doing stressing testing on 3.10 kernel(centos 7.4), to constantly starting numbers of docker containers with selinux enabled, and after about 2 days, the kernel softlockup panic: [] sched_show_task+0xb8/0x120 [] show_lock_info+0x20f/0x3a0 [] watchdog_timer_fn+0x1da/0x2f0 [] ?

Re: [PATCH 2/4] sctp: Add ip option support

2017-12-13 Thread Paul Moore
On Tue, Dec 12, 2017 at 4:56 PM, Marcelo Ricardo Leitner wrote: > On Tue, Dec 12, 2017 at 04:33:03PM -0500, Paul Moore wrote: >> On Tue, Dec 12, 2017 at 11:08 AM, Marcelo Ricardo Leitner >> wrote: >> > Hi Richard, >> > >> > On Mon, Nov 27,

[PATCH] python/semanage: make seobject.py backward compatible

2017-12-13 Thread Petr Lautrbach
Commit 985753f changed behavior of seobject class constructors. While semanage itself was fixed, there are other tools like system-config-selinux and chcat which depend on the original behavior. This change makes the constructors backward compatible. Fixes: $ system-config-selinux Traceback (most

Re: PAM Security related issue

2017-12-13 Thread Aman Sharma
Also in the logs, I am getting the below error message : Dec 13 13:00:00 aman authpriv 3 sshd: pam_selinux(sshd:session): Unable to get valid context for sftpuser Dec 13 13:00:00 aman authpriv 6 sshd: pam_unix(sshd:session): session opened for user sftpuser by (uid=0) On Wed, Dec 13, 2017 at