From: justinmattock@gmail.com (Justin Mattock)
Date: Mon, 8 Sep 2008 13:39:45 -0700
Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy
In-Reply-To: <20080908062558.GA17624@bobek.pm.i.cz>
References: <f00ed96d0809061736x73650e80s159ab2d5f2309cc2@mail.gmail.com>
	<BD351E70-D3B9-49D1-8DA6-43C7C99B0823@gmail.com>
	<f00ed96d0809061957w5fe62fd4sa7cf36113a82e01d@mail.gmail.com>
	<20080908062558.GA17624@bobek.pm.i.cz>
Message-ID: <dd18b0c30809081339g34852f1icbf65da2e59c0a93@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, Sep 7, 2008 at 11:25 PM, V?clav Ovs?k <vaclav.ovsik@i.cz> wrote:
> On Sat, Sep 06, 2008 at 10:57:26PM -0400, Hong wrote:
>> Thanks for your reply, Justin.
>>
>> I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` and
>> reboot the system.
>>
>> After reboot, I checked `getenforce` and it returned `permissive`.
>>
>> But still I cannot ssh to the machine remotely...
>> After each try with a correct password, /var/log/message doesn't grow but
>> /var/log/audit/audit.log grows with one line.
>> If I tried with an incorrect password, neither of the two log files changed.
>
> Did you relabel file-system?
> If you have some SE Linux problem (denials), sshd may fail even in
> permissive mode, because it is SE Linux aware application and it can
> choose different code flow with SE Linux enabled. Running the system in
> permissive mode is not the same as running the system with SE Linux
> switched off. I observed this sshd problem too.
> Regards
> --
> Zito
>

I wondering if he disabled SELinux completly,
just to isolate the issue.

-- 
Justin P. Mattock