While trying to get sshd to accept connections (which still isn't working, even after relabeling and restarting using run_init) I found that if I was _enforcing_ the policy when I ran run_init the password was displayed as I typed it. This is because run_init_t doesn't have permission to ioctl the tty. Maybe this isn't a problem. I'm fairly new to selinux. I simply added allow { run_init_t } tty_device_t:chr_file { read write ioctl getattr }; to my local.te becuase I don't know where the best place to put it was. Reproducible: Always Steps to Reproduce: 1. Turn on selinux enforcing 2. run_init /etc/init.d/sshd restart 3. Type in password Actual Results: Password was displayed while I was typing it Expected Results: Password should have been hiden
It seems that this must have been a problem with the labeling of the filesystem. After I relabeled it the password remains hidden.