From: "Mark Müller" <trusted@web.de>
To: SELinux Mailing List <SELinux@tycho.nsa.gov>
Subject: How to make sftp work?
Date: Sat, 27 Jul 2002 18:24:45 +0200
Message-ID: <3D42C94D.8000100@web.de>

Hello,
when I want to use sftp (with a Windows SSH client), several AVC denied 
messages appear:

--------
avc:  denied  { search } for  pid=3303 exe=/usr/sbin/sshd 
path=/usr/lib/ssh dev=08:09 ino=61510 scontext=system_u:system_r:sshd_t 
tcontext=system_u:object_r:sshd_exec_t tclass=dir

avc:  denied  { search } for  pid=3452 exe=/bin/bash path=/usr/lib/ssh 
dev=08:09 ino=61510 scontext=root:user_r:user_t 
tcontext=system_u:object_r:sshd_exec_t tclass=dir

avc:  denied  { getattr } for  pid=3452 exe=/usr/lib/ssh/sftp-server 
path=/root/.bash_history dev=08:09 ino=208 scontext=root:user_r:user_t 
tcontext=system_u:object_r:sysadm_home_t tclass=lnk_file

avc:  denied  { read } for  pid=3452 exe=/usr/lib/ssh/sftp-server 
path=/root/.bash_history dev=08:09 ino=208 scontext=root:user_r:user_t 
tcontext=system_u:object_r:sysadm_home_t tclass=lnk_file
--------

The sftp-server files are on a SuSE 7.3 distro in /usr/lib/ssh. I 
labelled them with sshd_exec_t.

The first AVC message can be solved with:
allow sshd_t sshd_exec_t:dir { search };

but why is bash involved in the second AVC denied message, and how can I 
use sftp? Am I wrong or does bash in user_t start sftp-server and thus 
sftp-server is placed in the user_t domain?

Did I miss something important in order to work with sftp-server or do I 
have to launch a normal ftp server as there is already a TE 
configuration file?

Thanks in advance,
Mark
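
The mapping the message applies by hand to the first denial (source type, target type, class and permission into an `allow` rule), carried through all four denials, as an added example that is not part of the original post. The function names are hypothetical; the log lines are the message's own with the mail wrapping joined.

```python
import re
from collections import defaultdict

# AVC denials copied from the message above, mail line wraps joined.
AVC_LOG = """\
avc:  denied  { search } for  pid=3303 exe=/usr/sbin/sshd path=/usr/lib/ssh dev=08:09 ino=61510 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:sshd_exec_t tclass=dir
avc:  denied  { search } for  pid=3452 exe=/bin/bash path=/usr/lib/ssh dev=08:09 ino=61510 scontext=root:user_r:user_t tcontext=system_u:object_r:sshd_exec_t tclass=dir
avc:  denied  { getattr } for  pid=3452 exe=/usr/lib/ssh/sftp-server path=/root/.bash_history dev=08:09 ino=208 scontext=root:user_r:user_t tcontext=system_u:object_r:sysadm_home_t tclass=lnk_file
avc:  denied  { read } for  pid=3452 exe=/usr/lib/ssh/sftp-server path=/root/.bash_history dev=08:09 ino=208 scontext=root:user_r:user_t tcontext=system_u:object_r:sysadm_home_t tclass=lnk_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Split one denial into its key=value fields plus source/target types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    rec["perms"] = m["perms"].split()
    # Type enforcement keys on the type, the third field of user:role:type.
    rec["source"] = rec["scontext"].split(":")[2]
    rec["target"] = rec["tcontext"].split(":")[2]
    return rec

def candidate_rules(log):
    """Merge denials per (source, target, class) into candidate allow rules."""
    merged = defaultdict(set)
    for rec in filter(None, map(parse_avc, log.splitlines())):
        merged[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in merged.items()]

def domains_by_exe(log):
    """Report which domain (source type) each executable was denied in."""
    seen = defaultdict(set)
    for rec in filter(None, map(parse_avc, log.splitlines())):
        seen[rec["exe"]].add(rec["source"])
    return {exe: sorted(types) for exe, types in seen.items()}

if __name__ == "__main__":
    for rule in candidate_rules(AVC_LOG):
        print(rule)
    for exe, types in domains_by_exe(AVC_LOG).items():
        print(f"{exe} ran in: {', '.join(types)}")
```

The first generated rule matches the one given in the message for sshd_t, and the exe/scontext pairs show sftp-server being denied with source type user_t. The remaining rules are candidates to review against the policy rather than rules to load as-is.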

