[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login

From: Tobias Florek <atomic ibotty net>
To: Daniel J Walsh <dwalsh redhat com>, atomic-devel projectatomic io
Subject: Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login
Date: Tue, 15 Sep 2015 16:39:33 +0200

Hi,

after fixing the ostree-provided fs labels, there seem to be additional
problems. E.g.:

    # ls -Z /var/home/tob -d
    unconfined_u:object_r:default_t:s0 /var/home/tob/

which should most likely be unconfined_u:object_r:user_home_dir_t:s0.

That's most likely the cause of many more ssh AVCs I get.

Reading through the list of AVCs I get the feeling that most files are
mislabeled. restorecon -n does not say anything is wrong, so I am led to
believe that restorecon does not know its way on atomic hosts.  


I will keep that machine to debug the selinux tools, if you think that's
reasonable.


Cheers,
 Tobias Florek

Follow-Ups:
- Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login
  - From: Daniel J Walsh

References:
- [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login
  - From: Tobias Florek
- Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login
  - From: Daniel J Walsh
- Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login
  - From: Tobias Florek
- Re: [atomic-devel] AVCs on fedora atomic host 91f0a3478e preventing ssh login
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]