When I try to log on to my laptop, which runs Ubuntu 9.10, the server rejects my login attempts.

Checking /var/log/auth.log, I see the following:

Feb 14 12:41:16 tiger-laptop sshd[6798]: error: ssh_selinux_getctxbyname: Failed to get default SELinux security context for tiger

I googled for this, and ran across the following:

http://www.spinics.net/lists/fedora-.../msg13049.html

Here's the part that I think relates to the problem that I'm having:

Quote:

What's wrong on my system? Why it's not possible to login even if selinux is in permissive mode? Any suggestions?

I'd start by trying to figure out why sshd isn't running in sshd_t (it seems to be running in sysadm_t).

Paul.

selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mail...stinfo/selinux

Yes, sshd is running in sysadm_t:

ps axZ | grep sshd

system_u:system_r:sysadm_t 3632 ? Ss 0:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pi

ls -Z /usr/sbin/sshd

system_ubject_r:sshd_exec_t /usr/sbin/sshd

Don't know why it's not sshd_t. I didn't modified something. It's a standard installation of sles11 with the default reference policy from tresys.

Maybe this code snippet from policy/modules/services/ssh.te is responsible for that:

Allow ssh logins as sysadm_r:sysadm_t

gen_tunable(ssh_sysadm_login, true)

Any ideas?

Do you have boolean init_upstart set to on? if not try setting it to on. I do not believe ssh_sysadm_login boolean works currently but i may be mistaken. >

-- Yeah, setting init_upstart to on did the trick! THANK A LOT! Do you know why this prevents the user from logging in through ssh even if selinux is set to permissive??

Ok, so the million dollar question is "where do I set 'init_upstart=1'"?

It's not clear from context which configuration file needs to be edited, and I'm not at all familiar with SELinux configuration.