Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: ssh policy hassles
From: Dale Amon <amon_at_vnl.com>
Date: Thu, 25 Sep 2003 11:29:55 +0100
Some ssh documentation recommends this as the default setup,
mkdir /var/empty
But debian has this setup: /etc/passwd sshd:x:102:65534::/var/run/sshd:/dev/null /etc/group ssh:x:105: /var drwxr-xr-x 2 root root 1024 Aug 27 2002 empty /var/run drwxr-xr-x 2 root root 1024 Aug 22 22:26 /var/run/sshd Which looks like it should be using /var/run/sshd insteady of /var/empty, and yet the search priv on /var fixed one problem.
> You might want to define a special type for the empty dir, so you can That might be necessary. As far as I can tell, I've got a straight out of the dpkg openssh install on this box. I'd think anyone else on debian should be seeing the same problem if this is the case, so I'm very interested in seeing where the real problem lies, ie specific to my test machine, or a general package problem for debian, or a generic problem for ssh policy. I've now also got to follow up on Russ's suggestions. His note that the missing inode is a /proc item might be very helpful on that one. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Thu 25 Sep 2003 - 06:30:06 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |