Users mapped to SELinux login sysadm_u unable to login over ssh

Solution Verified

Issue

  • Users mapped to SELinux login sysadm_u cannot log in to the system over SSH.
  • Other unconfined logins (e.g. the root user) can log in successfully.
  • An error similar to the following is seen after a failing login attempt:

    # ssh foobar@host.example.com
    foobar@host.example.com's password: 
    Unable to get valid context for foobar
    Last login: Fri Oct 04 08:10:21 2019 from ::1
    Connection to host.example.com closed.
    
  • Errors similar to the following appear in logs:

    Oct  4 08:11:11 host.example.com sshd[XXXX]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
    Oct  4 08:11:11 host.example.com sshd[XXXX]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
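
To locate this failure in collected sshd logs, the following added example (not part of the original article) flags sshd processes that logged both of the errors shown above. The function name, the PIDs, and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format shown above; PIDs are made up.
SAMPLE_LOG = """\
Oct  4 08:11:11 host.example.com sshd[2101]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Oct  4 08:11:11 host.example.com sshd[2101]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
Oct  4 08:12:40 host.example.com sshd[2140]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Oct  4 08:13:02 host.example.com crond[2177]: (root) CMD (run-parts /etc/cron.hourly)
"""

# timestamp, host, sshd PID, message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)

# The two messages from the article; both must come from the same sshd process.
SIGNATURES = {
    "pam_session": "PAM: pam_open_session(): Cannot make/remove an entry",
    "pty_relabel": "ssh_selinux_setup_pty: security_compute_relabel: Invalid argument",
}


def find_context_failures(log_text):
    """Return [(host, pid, timestamp)] for sshd processes that logged both errors."""
    seen = defaultdict(dict)  # (host, pid) -> {signature name: first timestamp}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd line
        for name, needle in SIGNATURES.items():
            if needle in m["msg"]:
                seen[(m["host"], m["pid"])].setdefault(name, m["ts"])
    # A lone PAM session error has other causes, so require the SELinux
    # relabel error from the same process before reporting a hit.
    return [
        (host, pid, found["pam_session"])
        for (host, pid), found in seen.items()
        if set(found) == set(SIGNATURES)
    ]


if __name__ == "__main__":
    for host, pid, ts in find_context_failures(SAMPLE_LOG):
        print(f"{ts} {host} sshd[{pid}]: SELinux context failure at session setup")
```

PIDs are reused over time, so run this over a bounded window of the log rather than an entire archive.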
    

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
