SELinux: Failure during smart card login when "ocsp" is enabled.

Solution Verified - Updated -

Issue

  • SELinux: Failure during smart card login when "ocsp" is enabled.

  • Error 1.

type=AVC msg=audit(1468858105.962:1007): avc:  denied  { name_connect } for  pid=2581 comm="login" dest=80 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1468858105.962:1007): arch=c000003e syscall=42 success=no exit=-13 a0=a a1=7ffd27039710 a2=10 a3=28 items=0 ppid=1 pid=2581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4294967295 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)
type=SOCKADDR msg=audit(1468858105.962:1007): saddr=020000509C70668E0000000000000000

  • Error 2.

type=AVC msg=audit(1469019786.38:274): avc:  denied  { signull } for  pid=2610 comm="login" scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1469019786.38:274): arch=x86_64 syscall=kill success=yes exit=0 a0=a79 a1=0 a2=4 a3=6 items=0 ppid=1 pid=2610 auid=1060 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=3 comm=login exe=/bin/login subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)
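
Added example (not part of the Red Hat article): a short Python triage of the two denials above that pairs each AVC record with its SOCKADDR record by audit event id and decodes the socket address login was denied from connecting to. The function names are hypothetical; the records are copied from the Issue section with the SYSCALL records left out.

```python
import ipaddress
import re

# AVC and SOCKADDR records from the two errors above; SYSCALL records omitted.
RECORDS = [
    'type=AVC msg=audit(1468858105.962:1007): avc:  denied  { name_connect } for  pid=2581 comm="login" dest=80 '
    'scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket',
    'type=SOCKADDR msg=audit(1468858105.962:1007): saddr=020000509C70668E0000000000000000',
    'type=AVC msg=audit(1469019786.38:274): avc:  denied  { signull } for  pid=2610 comm="login" '
    'scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process',
]

AVC_RE = re.compile(r'msg=audit\((?P<id>[^)]+)\): avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?'
                    r'scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<tclass>\S+)')
SADDR_RE = re.compile(r'type=SOCKADDR msg=audit\((?P<id>[^)]+)\): saddr=(?P<hex>[0-9A-Fa-f]+)')

def decode_saddr(hexstr):
    """Decode an AF_INET sockaddr as logged on x86_64:
    little-endian family, big-endian port, 4-byte IPv4 address."""
    raw = bytes.fromhex(hexstr)
    family = int.from_bytes(raw[0:2], 'little')
    if family != 2 or len(raw) < 8:  # 2 == AF_INET on Linux
        return None
    return str(ipaddress.IPv4Address(raw[4:8])), int.from_bytes(raw[2:4], 'big')

def summarize(records):
    """Return one dict per denial, joined with its SOCKADDR record by audit event id."""
    peers = {m['id']: decode_saddr(m['hex']) for m in map(SADDR_RE.search, records) if m}
    out = []
    for m in filter(None, map(AVC_RE.search, records)):
        out.append({
            'event': m['id'],
            'perms': m['perms'].split(),
            'source_type': m['s'].split(':')[2],  # third field of the SELinux context
            'target_type': m['t'].split(':')[2],
            'tclass': m['tclass'],
            'peer': peers.get(m['id']),           # (ip, port) or None
        })
    return out

if __name__ == '__main__':
    for denial in summarize(RECORDS):
        print(denial)
```

The first denial decodes to an outbound TCP connection from local_login_t to port 80 (http_port_t), which is consistent with login contacting an OCSP responder over HTTP; the second is a signal-0 check from local_login_t against a process in sshd_t.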

Environment

  • Red Hat Enterprise Linux 6
  • selinux-policy
