SELINUX sysadm_u and SSH - Unable to get valid context for username

Question

Once I set user usernameto sysadm_u they are no longer able to login via SSH and receive the error: Unable to get valid context for username

Commands

semanage login -m -s sysadm_u username
semanage login -a -s sysadm_u username
restorecon -RF /home/username

When I run ausearch -m AVC -m USER_AVC -m SELINUX_ERR I get the following:

type=AVC msg=audit(1590015667.658:4996): avc:  denied  { noatsecure } for  pid=7424 comm="bash" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1590015667.658:4996): avc:  denied  { siginh } for  pid=7424 comm="bash" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0

For here I am lost as how to fix this.

score 0 · Accepted Answer · answered May 21 '20 at 20:15

0

This was fixed by sudo setsebool -P ssh_sysadm_login on

See: https://bugzilla.redhat.com/show_bug.cgi?id=1814549

answered May 21 '20 at 20:15

Michael Hobbs

245
3
8

SELINUX sysadm_u and SSH - Unable to get valid context for username

1 Answers1