Summary
SELinux is preventing /usr/sbin/sshd (sshd_t) "append" to <Unknown>
(var_log_t).
Detailed Description
SELinux is preventing /usr/sbin/sshd (sshd_t) "append" to <Unknown>
(var_log_t). The SELinux type var_log_t is a generic type for all files in
the directory and very few processes (SELinux Domains) are allowed to write
to this SELinux type. This type of denial usually indicates a mislabeled
file. By default a file created in a directory gets the context of
the parent directory, but SELinux policy has rules about the creation of
directories, that say if a process running in one SELinux Domain (D1)
creates a file in a directory with a particular SELinux File Context (F1)
the file gets a different File Context (F2). The policy usually allows the
SELinux Domain (D1) the ability to write or append on (F2). But if for some
reason a file (<Unknown>) was created with the wrong context, this domain
will be denied. The usual solution to this problem is to reset the file
context on the target file, restorecon -v <Unknown>. If the file context
does not change from var_log_t, then this is probably a bug in policy.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the
selinux-policy package. If it does change, you can try your application
again to see if it works. The file context could have been mislabeled by
editing the file or moving the file from a different directory. If the file
keeps getting mislabeled, check the init scripts to see if they are doing
something to mislabel the file.
Allowing Access
You can attempt to fix file context by executing restorecon -v <Unknown>
The following command will allow this access:
restorecon <Unknown>
Additional Information
Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context system_u:object_r:var_log_t:s0
Target Objects None [ file ]
Affected RPM Packages openssh-server-4.7p1-2.fc8 [application]
Policy RPM selinux-policy-3.0.8-44.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.mislabeled_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP
Tue Oct 30 13:55:12 EDT 2007 i686 i686
Alert Count 16187
First Seen Wednesday, 7 May 2008, 06:45:14
Last Seen Wednesday, 9 July 2008, 08:43:15
Local ID
Line Numbers
Raw Audit Messages
avc: denied { append } for comm=sshd dev=sda9 egid=0 euid=0 exe=/usr/sbin/sshd
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=btmp pid=26546
scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0