[CentOS] An selinux issue

Wed Mar 7 20:18:20 UTC 2018
m.roth at 5-cent.us <m.roth at 5-cent.us>

CentUS 7.4

>From sealert:
SELinux is preventing /usr/sbin/sshd from read access on the file
/etc/ssh/moduli.

*****  Plugin restorecon (94.8 confidence) suggests  
************************

If you want to fix the label.
/etc/ssh/moduli default label should be etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/ssh/moduli
<...>
Additional Information:
Source Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                /etc/ssh/moduli [ file ]
Source                        sshd
Source Path                   /usr/sbin/sshd
---------

Except:
ls -laFZ /etc/ssh/moduli
-rw-r--r--. root root system:object_r:etc_t:s0         /etc/ssh/moduli

ls -laFZ /usr/sbin/sshd
-rwxr-xr-x. root root system_u:object_r:sshd_exec_t:s0 /usr/sbin/sshd*

And I even restarted sshd. So, what's selinux seeing that I'm not?


      mark