-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris PeBenito schrieb:
> On Tue, 2007-08-28 at 15:03 +0200, Paul Rauch wrote:
>> Chris PeBenito schrieb:
>>> On Fri, 2007-08-24 at 10:43 +0200, Paul Rauch wrote:
>>>> Hello list,
>>>> after I installed selinux sshd does not work anymore.
>>>> it fails to bind to port 22:
>>>> "[sshd] error: Bind to port 22 on 0.0.0.0 failed: Address already in use".
>>>> I already tried to fix it according to the troubleshooting:
>>> Do you have any denial messages in dmesg/syslog?
>>>
>> I now managed to get things labeled correctly,
>> and It now does not produce the can't bind to port message anymore.
>> but still it does not allow me to login remotely.
>> I don't know why, though.
>> but the output from netstat -nlp confuses me (see attachment)
>>
>> and yes, it send out some errors(this happens when running
>> /etc/init.d/sshd restart):
>>
>> Aug 28 16:59:39 [sshd] Received signal 15; terminating.
>> Aug 28 16:59:40 [kernel] audit(1188313180.050:92): avc: denied { read
>> } for pid=6805 comm="sshd" name="lib" dev=hda3 ino=48675
>> scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:default_t
>> tclass=lnk_file
>> Aug 28 16:59:40 [sshd] Server listening on 0.0.0.0 port 22.
>
> Is this an amd64 system? If so, is the /lib symlink default_t?
>
Yes, it is.
Then I should change it to lib_t somehow, or?
at least lib32 and lib64 have these values.
I now ran "chcon -h -t lib_t /lib"
now it works :)
but I read that this will be altered again, if I relabel the entire
filesystem, which means I should add this to the policy, in order to
make it permanent.
thank you for your help :)
greetz Paul Rauch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iQIVAwUBRtZyNBG67lyyQrltAQKeqg/+LxrklySv1N2auVNqIx55OPT1K3SweQYm
GRmz84Ep8S01cCBxBZG66yku4lh9YQDtGHBCIFPpB7z9azvCxKL3NCVHVC3CZDgR
Ov7DTivffTJaYNvCbZNYZr4ACTb7Il8hugD3JxqQiIuHV2X/4EMTiiKEIrn4tRlw
6ws4oBeigqulWf8Ygw6I6q/5MiUmeVpJfR7X+89nCm9GjaDrQxfqsAQtc4hBEhz9
BkeWginjoZ94FP8KyHhwL669k94XMld8YtAZMtf981tiL7URTOpIowdbp1aEA/ku
6+jNxeKkrhoh6ns2UniRAvALnJSqFX/HU0D2Pb0Q50ST/rX2U63QZ2w/dl8Rnil3
pQ0RGeC/7BELk7GyK+SAPTiOOCzcWGeE69SFbHDbwbotEFJ7opOmA1YmIYRnJkm0
SVtc5XLOtWIt7I7LhBs+d1T/jx0vTH9uwOcVKtAzMjATaJEQ/GqLIcQh9dRbIp46
+2MQ92mxPPGeTD6qzWPw1K/TYaw/y+oIfXWgjrsmvShAUPVQyo5XAhpcl+ZRv3B2
OVezhtcjMsHJ5njzagCOaMx16HZty4rn8b1A6XRqAuxzI3ra/jEXoLKiNvTdh7Aw
8lD/8l+3p+W3PLBP1Nlze2eah2qPhrdjJbvReM/WyfwX4l5dc06JOLjfdQx2sLUu
e1yo94Rb6cg=
=79Qp
-----END PGP SIGNATURE-----
--
[EMAIL PROTECTED] mailing list
