Users mapped to SELinux login sysadm_u unable to login over ssh
Issue
- Users mapped to the SELinux login sysadm_u cannot log in to the system over SSH.
- Other unconfined logins (e.g. the root user) can log in successfully.
- An error similar to the following is seen after a failing login attempt:

    # ssh foobar@host.example.com
    foobar@host.example.com's password:
    Unable to get valid context for foobar
    Last login: Fri Oct 04 08:10:21 2019 from ::1
    Connection to host.example.com closed.

- Errors similar to the following appear in logs:

    Oct 4 08:11:11 host.example.com sshd[XXXX]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
    Oct 4 08:11:11 host.example.com sshd[XXXX]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument

Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8