Permission is denied for ssh-keygen when I try to execute it as root:sysadm_t.

Reproducible: Always

Steps to Reproduce:

Actual Results:
avc: denied { read } for pid=22529 exe=/bin/bash name=ssh-keygen dev=hda2 ino=73040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ssh_keygen_exec_t tclass=file

Expected Results:
No denials.

Created attachment 39911
policy patch that includes a user domain macro for ssh_keygen_exec_t

diff based on selinux-base-policy-20040906

Your patch works, the keys are created. Though it produces this denial two times:

avc: denied { read write } for pid=32144 exe=/usr/bin/ssh-keygen name=tty dev=hda2 ino=176660 scontext=root:sysadm_r:sysadm_ssh_keygen_t tcontext=system_u:object_r:devtty_t tclass=chr_file

Good work!

Regards,
Sören Lorenz

The newest version is on the devspace:
http://dev.gentoo.org/~kaiowas/policy/macros/program/ssh_macros.te
http://dev.gentoo.org/~kaiowas/policy/domains/program/ssh.te

Fixed in policy CVS a different way.
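
Added example (not part of the original bug thread or the Gentoo policy): a small Python parser that reads the two AVC denials quoted above and renders the `allow` rule each one maps to, merging repeats. The function names and the non-AVC log line are constructed for illustration; the rendered rules describe what was denied, not what the final policy granted.

```python
import re

# The two denials quoted in this thread (the second repeated, as reported),
# plus one constructed non-AVC line to show that unrelated input is skipped.
SAMPLE_LOG = [
    "avc: denied { read } for pid=22529 exe=/bin/bash name=ssh-keygen dev=hda2 ino=73040 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ssh_keygen_exec_t tclass=file",
    "avc: denied { read write } for pid=32144 exe=/usr/bin/ssh-keygen name=tty dev=hda2 ino=176660 scontext=root:sysadm_r:sysadm_ssh_keygen_t tcontext=system_u:object_r:devtty_t tclass=chr_file",
    "avc: denied { read write } for pid=32144 exe=/usr/bin/ssh-keygen name=tty dev=hda2 ino=176660 scontext=root:sysadm_r:sysadm_ssh_keygen_t tcontext=system_u:object_r:devtty_t tclass=chr_file",
    "kernel: unrelated message (constructed)",
]

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")


def parse_avc(line):
    """Return a dict for one denial, or None if the line is not a complete AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group(1).split()
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        # A context is user:role:type[:level]; the type is always the third field.
        source = fields["scontext"].split(":")[2]
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None
    if not perms:
        return None
    return {"perms": perms, "source": source, "target": target, "tclass": tclass,
            "exe": fields.get("exe"), "name": fields.get("name")}


def denied_rules(lines):
    """Merge denials by (source type, target type, class) and render each as an allow rule."""
    merged = {}
    for line in lines:
        d = parse_avc(line)
        if d is not None:
            merged.setdefault((d["source"], d["target"], d["tclass"]), set()).update(d["perms"])
    rules = []
    for (source, target, tclass), perms in merged.items():
        perms = sorted(perms)
        perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {source} {target}:{tclass} {perm_text};")
    return rules


if __name__ == "__main__":
    print("\n".join(denied_rules(SAMPLE_LOG)))
```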