On 07/07/2011 04:45 PM, Lennart Poettering wrote:
> On Thu, 07.07.11 22:42, Zbigniew Jędrzejewski-Szmek ([email protected]) wrote:
>
>> Hi,
>> on a freshly installed fedora-15 system, I've been trying out the nspawn, and
>> running "systemd-nspawn -D debian-tree/" (i.e. just the shell) seems
>> to cause /selinux to be remounted ro on the _host_:
>>
>> $ rpm -q systemd
>> systemd-26-5.fc15.x86_64
>> $ mount|grep selinux
>> selinuxfs on /selinux type selinuxfs (rw,relatime)
>> $ sudo systemd-nspawn -D debian-tree/ /bin/true
>> $ mount|grep selinux
>> selinuxfs on /selinux type selinuxfs (ro,relatime)
>>
>> This has a nasty consequence of breaking logins:
>> Jul 7 22:17:05 fedora-15 sshd[14261]: Accepted publickey for zbyszek from
>> 192.168.122.1 port 51205 ssh2
>> Jul 7 20:17:05 fedora-15 sshd[14262]: fatal: mm_request_receive: read:
>> Connection reset by peer
>> Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session):
>> conversation failed
>> Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): No
>> response to query: Would you like to enter a security context? [N]
>> Jul 7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): Unable to
>> get valid context for zbyszek
>> Jul 7 22:17:05 fedora-15 sshd[14261]: pam_unix(sshd:session): session
>> opened for user zbyszek by (uid=0)
>> Jul 7 22:17:05 fedora-15 sshd[14261]: error: PAM: pam_open_session():
>> Authentication failure
>> Jul 7 22:17:05 fedora-15 sshd[14264]: Received disconnect from
>> 192.168.122.1: 11: disconnected by user
>>
>> In case of a login on a tty, the question about a security context
>> is displayed on the screen. In case of ssh login, it just fails
>> without any message displayed on the remote side.
>
> Newer versions of libselinux detect if /selinux is read-only and consider
> selinux as disabled if it is.
>
> Lennart
>

Do I need to backport this to F15?
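The before/after `mount` comparison from the report above, as an added example that is not part of the original thread: a POSIX shell function that diffs two saved snapshots of `mount` output and lists every mount point that went from rw to ro. The function and sample names are hypothetical, the sample snapshots are constructed (their selinuxfs lines are the ones quoted in the report), and mount points are assumed to contain no spaces.

```shell
# Added example (not from the thread): diff two snapshots of `mount` output
# and list mount points that went from rw to ro in between.
# Assumption: mount points contain no spaces, as in the output quoted above.

# ro_flips BEFORE AFTER -> prints "<mountpoint> <fstype>" for each flip
ro_flips() {
    awk '
        # Expect: <source> on <mountpoint> type <fstype> (<options>)
        $2 != "on" || $4 != "type" { next }
        {
            opts = $6
            gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            mode = ""
            for (i = 1; i <= n; i++)
                if (o[i] == "rw" || o[i] == "ro") mode = o[i]
        }
        FNR == NR { before[$3] = mode; next }    # first file: remember state
        before[$3] == "rw" && mode == "ro" { print $3, $5 }
    ' "$1" "$2"
}

# Constructed sample snapshots; the selinuxfs lines match the report above.
sample_before() {
    cat <<'EOF'
proc on /proc type proc (rw,relatime)
selinuxfs on /selinux type selinuxfs (rw,relatime)
tmpfs on /dev/shm type tmpfs (rw,relatime)
EOF
}
sample_after() {
    cat <<'EOF'
proc on /proc type proc (rw,relatime)
selinuxfs on /selinux type selinuxfs (ro,relatime)
tmpfs on /dev/shm type tmpfs (rw,relatime)
EOF
}

# Run the comparison over the constructed snapshots.
demo() {
    dir=$(mktemp -d) || return 1
    sample_before > "$dir/before"
    sample_after  > "$dir/after"
    ro_flips "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

On a live host, save `mount` output to a file before and after the command under test and pass both files to `ro_flips`.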
