On 07/07/2011 11:17 PM, Lennart Poettering wrote:
> On Thu, 07.07.11 16:52, Daniel J Walsh ([email protected]) wrote:
>
>>>> This has a nasty consequence of breaking logins:
>>>> Jul 7 22:17:05 fedora-15 sshd[14261]: Accepted publickey for zbyszek from
>>>> 192.168.122.1 port 51205 ssh2
>>>> Jul 7 20:17:05 fedora-15 sshd[14262]: fatal: mm_request_receive: read:
>>>> Connection reset by peer
>>>> Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session):
>>>> conversation failed
>>>> Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): No
>>>> response to query: Would you like to enter a security context? [N]
>>>> Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): Unable
>>>> to get valid context for zbyszek
>>>> Jul 7 22:17:05 fedora-15 sshd[14261]: pam_unix(sshd:session): session
>>>> opened for user zbyszek by (uid=0)
>>>> Jul 7 22:17:05 fedora-15 sshd[14261]: error: PAM: pam_open_session():
>>>> Authentication failure
>>>> Jul 7 22:17:05 fedora-15 sshd[14264]: Received disconnect from
>>>> 192.168.122.1: 11: disconnected by user
>>>>
>>>> In case of a login on a tty, the question about a security context
>>>> is displayed on the screen. In case of ssh login, it just fails
>>>> without any message displayed on the remote side.
>>>
>>> Newer versions of libselinux detect if /selinux is read-only and consider
>>> selinux disabled if it is.

But why is it disabled _outside_ of the container? This would mean that
running nspawn disables selinux.
>>>
>> Do I need to back port this to F15?
>
> I see no immediate need as nspawn is still very new and this isn't a
> regression. That said I am sure Zbigniew would be thankful? Zbigniew?

Hi,
for me personally it isn't crucial -- I was just playing around with nspawn
and can reboot the machine easily. But, in general, I think that this could
annoy a lot of people who only have remote access. But I think that this
is an nspawn bug, so need to backport anything yet :)

- Zbyszek
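A check for the condition discussed in the thread (selinuxfs mounted read-only on the host), as an added example that is not part of the original messages and is not systemd or libselinux code. The function name `selinuxfs_state` and the sample mount table are constructed for illustration; the only assumption is the standard six-field /proc/self/mounts layout.

```shell
#!/bin/sh
# selinuxfs_state [MOUNTS_FILE]
# Prints "rw", "ro" or "absent" for the selinuxfs entry in MOUNTS_FILE
# (default: /proc/self/mounts). The last matching line wins, because a
# later mount shadows an earlier one on the same path.
selinuxfs_state() {
    mounts_file="${1:-/proc/self/mounts}"
    state="absent"
    # Fields per line: device mountpoint fstype options dump pass
    while read -r _dev _mnt fstype opts _rest; do
        [ "$fstype" = "selinuxfs" ] || continue
        # Match "ro" only as a whole comma-separated option.
        case ",$opts," in
            *,ro,*) state="ro" ;;
            *)      state="rw" ;;
        esac
    done < "$mounts_file"
    printf '%s\n' "$state"
}

# Constructed sample: a host mount table in which /selinux is read-only,
# the state in which pam_selinux could not obtain a context in the log above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
selinuxfs /selinux selinuxfs ro,relatime 0 0
/dev/sda1 / ext4 rw,seclabel,relatime 0 0
EOF
echo "constructed sample: $(selinuxfs_state "$sample")"
rm -f "$sample"
```

Run on the host with no argument before and after starting a container to see whether the host's own selinuxfs mount changed state.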
