On (07/11/14 11:39), Sumit Bose wrote:
On Fri, Nov 07, 2014 at 08:44:07AM +0100, crony wrote:
Hi Sumit,
I'm starting sshd by "service sshd restart" every time. You can find below the logs from "tail -f /var/log/secure /var/log/audit/audit.log" from the moment of trying to log in from the AD Windows station with SELinux=1:
[root@client1 ~]# tail -f /var/log/secure /var/log/audit/audit.log
==> /var/log/secure <==
Nov 7 08:14:08 client1 sshd[19874]: debug1: session_input_channel_req: session 0 req shell
Nov 7 08:14:08 client1 sshd[19875]: debug1: Setting controlling tty using TIOCSCTTY.
Nov 7 08:14:12 client1 su: pam_unix(su-l:session): session opened for user root by leszek(uid=507)
Nov 7 08:14:59 client1 sshd[17287]: debug1: Got 100/242 for keepalive
Nov 7 08:19:59 client1 sshd[17287]: debug1: Got 100/243 for keepalive
Nov 7 08:21:27 client1 sshd[17876]: Received signal 15; terminating.
Nov 7 08:21:27 client1 sshd[19980]: Set /proc/self/oom_score_adj from 0 to -1000
Nov 7 08:21:27 client1 sshd[19980]: debug1: Bind to port 22 on 0.0.0.0.
Nov 7 08:21:27 client1 sshd[19980]: Server listening on 0.0.0.0 port 22.
Nov 7 08:21:27 client1 sshd[19980]: socket: Address family not supported by protocol

==> /var/log/audit/audit.log <==
type=PATH msg=audit(1415344887.668:20203): item=0 name="/var/lock/subsys/" inode=8204 dev=fd:03 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_lock_t:s0 nametype=PARENT
type=PATH msg=audit(1415344887.668:20203): item=1 name="/var/lock/subsys/sshd" inode=51 dev=fd:03 mode=0100640 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:var_lock_t:s0 nametype=DELETE
type=AVC msg=audit(1415344887.708:20204): avc: denied { read } for pid=19977 comm="sshd" name="tmp" dev=dm-3 ino=925 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file
Have you checked if there is an update for the SELinux policy package? If I run the AVC through audit2allow in Fedora 20 I get:
#============= sshd_t ==============
#!!!! This avc is allowed in the current policy
allow sshd_t var_t:lnk_file read;
Or the problem can be that the file has the wrong context. "restorecon -rv /var/lock/" can help.
LS
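Added example, not code from either poster or from the SSSD/SELinux projects. Sumit's audit2allow run tells the whole story: the "#!!!! This avc is allowed in the current policy" comment means the rule audit2allow derived from the denial already exists in the loaded policy, so on a box with that policy the access would not be denied. A client that still logs the denial is therefore running an older policy package or has a mislabelled file, which are exactly the two checks Sumit proposes. The script below reproduces the derivation audit2allow does for a single AVC record (type of scontext, type of tcontext, tclass, permission set, with "self" substituted when source and target types match) and adds a dry-run label check. The audit records in AUDIT_SAMPLE are constructed, modelled on the denial crony posted plus one unrelated PATH record and one unrelated denial; avc_to_rule, rules_for and label_check are hypothetical helper names; on a real host you would feed the function the output of `ausearch -m avc -c sshd --raw` instead of the embedded sample.

```shell
#!/bin/sh
# Constructed sample audit records (not a real capture): a PATH record that
# must be ignored, the sshd denial from the thread, and a multi-permission
# denial for a different process to show the normalisation rules.
AUDIT_SAMPLE=$(cat <<'EOF'
type=PATH msg=audit(1415344887.668:20203): item=1 name="/var/lock/subsys/sshd" inode=51 dev=fd:03 mode=0100640 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:var_lock_t:s0 nametype=DELETE
type=AVC msg=audit(1415344887.708:20204): avc:  denied  { read } for  pid=19977 comm="sshd" name="tmp" dev=dm-3 ino=925 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=lnk_file
type=AVC msg=audit(1415344900.001:20210): avc:  denied  { setuid setgid } for  pid=20001 comm="su" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability
EOF
)

# avc_to_rule LINE  (hypothetical helper)
# Print the TE allow rule audit2allow would derive from one AVC denial:
# source type from scontext, target type from tcontext, object class from
# tclass, permissions from the { ... } set. A target type equal to the
# source type becomes "self"; a multi-permission set is wrapped in braces.
avc_to_rule() {
    printf '%s\n' "$1" | awk '
    /type=AVC/ && / denied / {
        perms = ""; src = ""; tgt = ""; cls = ""
        if (match($0, /\{[^}]*\}/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            # context fields are user:role:type:range; the type is field 3
            if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), b, ":"); tgt = b[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (tgt == src) tgt = "self"
        if (index(perms, " ") > 0) perms = "{ " perms " }"
        printf "allow %s %s:%s %s;\n", src, tgt, cls, perms
    }'
}

# rules_for COMM  (hypothetical helper)
# Emit the de-duplicated rule set for every denial logged for process COMM.
# Reads the embedded sample; on a real host pipe in `ausearch -m avc -c COMM --raw`.
rules_for() {
    printf '%s\n' "$AUDIT_SAMPLE" | grep "comm=\"$1\"" | while IFS= read -r line; do
        avc_to_rule "$line"
    done | sort -u
}

# label_check PATH  (hypothetical helper)
# The other half of the advice: before writing policy, compare the on-disk
# label with what the policy's file contexts expect. restorecon -n only
# reports what it would relabel; nothing is changed.
label_check() {
    if command -v matchpathcon >/dev/null 2>&1 && command -v restorecon >/dev/null 2>&1; then
        echo "expected: $(matchpathcon "$1")"
        echo "current : $(ls -Zd "$1" 2>/dev/null)"
        restorecon -nv "$1"
    else
        echo "SELinux userspace tools not installed; skipping label check for $1"
    fi
}

# Run the triage for the denial in the thread.
rules_for sshd
label_check /var/lock/subsys
```

If the rule rules_for prints is one `sesearch -A -s sshd_t -t var_t -c lnk_file` already reports as allowed, do not write a local module for it: update the policy package or fix the label, as Sumit suggests. Only a rule that is genuinely absent from the installed policy is a candidate for `audit2allow -M`.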