Mike <mike.cloaked <at> gmail.com> writes:
>
> The sealert output is:
>
> host=lapmike2 type=AVC msg=audit(1216928753.73:112): avc: denied { search }
> for pid=5282 comm="sshd" name="Local" dev=sda8 ino=1241537
> scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:file_t:s0 tclass=dir
>
> host=lapmike2 type=SYSCALL msg=audit(1216928753.73:112): arch=40000003
> syscall=12 success=no exit=-13 a0=b9b7b650 a1=b9b891c0 a2=b7f1b944 a3=b9b82270
> items=0 ppid=5281 pid=5282 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500
> egid=500 sgid=500 fsgid=500 tty=pts1 ses=6 comm="sshd" exe="/usr/sbin/sshd"
> subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
>
I ran sealert -b and followed the advice therein -
I did
restorecon -R /opt/*
Now the avc denial no longer happens but instead of allowing the ssh login
using the ssh keys that I copied from the old user area into .ssh I was
asked to give the login password.
Again I referred to the sealert message and it suggested that I do
restorecon -v '/opt/Local/home/mike/.ssh/authorized_keys2'
After doing this I still have the same requirement to enter the login
password when trying to ssh in from another machine.
The context for that file has a type usr_t - I don't know what it ought to
be?
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
