When trying to access an SELinux system with sftp, it fails. A look at the logs shows that sshd is not allowed to getattr for /usr/lib/misc/sftp-server. I have included patches to ssh.fc and ssh.te that fix this problem. I label sftp-server with sftp_exec_t and grant only those permissions needed in order to execute it. I've tested it and it seems to work fine.

Reproducible: Always

Steps to Reproduce:
1. Try to sftp into an SELinux system.

"sftp localhost" on an SELinux system will also exhibit the same behavior.
Created attachment 22099: ssh.fc diff
Created attachment 22100: ssh.te diff
Fixed in policy cvs, however sftp-server is labeled as bin_t, plus the getattr on bin_t for sshd_t.