Ubuntu - SSH - 无法获取有效上下文

tag-icon tag-icon ubuntu ssh selinux
Ubuntu - SSH - 无法获取有效上下文

当我从 Mac 登录到 Ubuntu 时,我看到一个奇怪的警告“ Unable to get valid context for <user>”。我不记得这是什么时候开始的,也不记得是什么变化导致了这种情况。到目前为止,我还没有遇到任何不良影响,我只是不确定为什么现在会出现这个消息。

Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-104-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.


Unable to get valid context for meanwhileinhell
Last login: Tue Dec 19 10:31:44 2017 from 192.168.2.1



/var/log/auth.log

sshd[6147]: Accepted publickey for meanwhileinhell from 192.168.2.1 port 57194 ssh2: RSA SHA256:<key>
sshd[6147]: pam_unix(sshd:session): session opened for user meanwhileinhell by (uid=0)
systemd-logind[780]: New session 6 of user meanwhileinhell.
sshd[6147]: pam_selinux(sshd:session): Unable to get valid context for meanwhileinhell
sshd[6177]: error: ssh_selinux_getctxbyname: Failed to get default SELinux security context for meanwhileinhell
sshd[6147]: error: ssh_selinux_getctxbyname: Failed to get default SELinux security context for meanwhileinhell
sshd[6147]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument



$ sestatus -v

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             ubuntu
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30

Process contexts:
Current context:                system_u:system_r:kernel_t:s0
Init context:                   system_u:system_r:kernel_t:s0

File contexts:
Controlling terminal:           system_u:object_r:devpts_t:s0
/etc/passwd                     system_u:object_r:file_t:s0
/etc/shadow                     system_u:object_r:file_t:s0
/bin/bash                       system_u:object_r:file_t:s0
/bin/login                      system_u:object_r:file_t:s0
/bin/sh                         system_u:object_r:file_t:s0 -> 
system_u:object_r:file_t:s0
/sbin/agetty                    system_u:object_r:file_t:s0
/sbin/init                      system_u:object_r:file_t:s0 -> 
system_u:object_r:file_t:s0
/usr/sbin/sshd                  system_u:object_r:file_t:s0

我对 SELinux 了解甚少,所以不太愿意继续运行未知命令,但如果有人能帮助我理解这意味着什么,我将非常感激。我发现了这个问题Linux 控制台:“无法获取有效上下文...”但它没有提供任何有用的东西。

$ semanage login -l
ValueError: SELinux policy is not managed or store cannot be accessed.

答案1

$ semanage login -l

这会失败,因为您需要以 root 身份执行此操作。当我使用“sudo”时,它会起作用。我不知道这是否能让您更接近答案;我在尝试找出如何解决这个问题时偶然发现了您的问题!

相关内容