Yubico/yubico-pam

debug with sshd requires SELinux permission

zypA13510 opened this issue · 3 comments

This should probably be mentioned somewhere in the docs:
debug and debug_file do not work in an SSH+PAM scenario unless SELinux allows sshd to open the file (I have not found the related sebool yet, I just set SELinux to permissive and it starts working). Took me a while to realize.

klali commented

Please contribute that as a patch where you would've been helped with it.

Yeah, I was thinking about adding it in YubiKey_and_SELinux_on_Fedora_18_and_up.adoc, but then I spent the time looking for the sebool for this setting and couldn't find it.
Do you think it would be acceptable to instruct users to temporarily disable SELinux (set it to permissive mode)? Because that seems to be the only way I can find at the moment.

klali commented

I don't think I have the relevant expertise in SELinux to give advice like that (which is why I don't want to write guidance for it).
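One way to see which file access SELinux is denying to sshd is to read the AVC records in the audit log. This is an added example, not part of the issue thread or the yubico-pam project: it groups sshd file denials by source and target type. The sample records, the debug file path and the target type are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log AVC format; the debug file path and
# target type are assumptions for illustration, not values from the issue.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:411): avc:  denied  { open } for  pid=2210 comm="sshd" path="/var/run/pam-debug.log" dev="tmpfs" ino=30211 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.250:412): avc:  denied  { read } for  pid=998 comm="httpd" name="index.html" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000031.007:420): avc:  denied  { append } for  pid=2231 comm="sshd" path="/var/run/pam-debug.log" dev="tmpfs" ino=30211 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000040.500:431): avc:  denied  { name_bind } for  pid=2240 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
"""

DENIED = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'\b(comm|path|name|scontext|tcontext|tclass)=(?:"([^"]*)"|(\S+))')

def sshd_file_denials(log_text, comm="sshd"):
    """Group AVC file denials for `comm` by (source type, target type)."""
    grouped = defaultdict(lambda: {"perms": set(), "paths": set()})
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not line.startswith("type=AVC") or not m:
            continue
        # Values are either quoted (comm, path) or bare (contexts, tclass).
        f = {k: q or b for k, q, b in FIELD.findall(line)}
        if f.get("comm") != comm or f.get("tclass") != "file":
            continue
        try:
            # A context is user:role:type:level; the type is the third field.
            src = f["scontext"].split(":")[2]
            tgt = f["tcontext"].split(":")[2]
        except (KeyError, IndexError):
            continue  # malformed or truncated record
        entry = grouped[(src, tgt)]
        entry["perms"].update(m.group(1).split())
        entry["paths"].add(f.get("path") or f.get("name", "?"))
    return dict(grouped)

def candidate_rules(denials):
    """Render each group as an allow-rule candidate, to be reviewed before use."""
    return [f"allow {s} {t}:file {{ {' '.join(sorted(d['perms']))} }};"
            for (s, t), d in sorted(denials.items())]

if __name__ == "__main__":
    for rule in candidate_rules(sshd_file_denials(SAMPLE_AUDIT_LOG)):
        print(rule)
```

The grouped output shows the exact permissions and target type involved, which is the information needed to relabel the debug file or write a narrowly scoped policy rule.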