Users mapped to SELinux login sysadm_u unable to log in over SSH

Solution Verified

Issue

  • Users mapped to SELinux login sysadm_u cannot log in to the system over SSH.
  • Other unconfined logins (e.g. the root user) can log in successfully.
  • An error similar to the following is seen after a failed login attempt:

    # ssh foobar@host.example.com
    foobar@host.example.com's password: 
    Unable to get valid context for foobar
    Last login: Fri Oct 04 08:10:21 2019 from ::1
    Connection to host.example.com closed.
    
  • Errors similar to the following appear in logs:

    Oct  4 08:11:11 host.example.com sshd[XXXX]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
    Oct  4 08:11:11 host.example.com sshd[XXXX]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
    

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
