Users mapped to SELinux login sysadm_u unable to login over ssh

Solution Verified - Updated -


  • Users mapped to SELinux login sysadm_u cannot login to the system over SSH.
  • Other unconfined logins (e.g. the root user) can login successfully.
  • An error similar to the following is seen after a failing login attempt:

     # ssh's password: 
    Unable to get valid context for foobar
    Last login: Fri Oct 04 08:10:21 2019 from ::1
    Connection to closed.
  • Errors similar to the following appear in logs:

    Oct  4 08:11:11 sshd[XXXX]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
    Oct  4 08:11:11 sshd[XXXX]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument


  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content