https://bugzilla.novell.com/show_bug.cgi?id=777232 https://bugzilla.novell.com/show_bug.cgi?id=777232#c0 Summary: OpenSSH depends on SELinux auditing feature; breaks AppArmor Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: i686 OS/Version: openSUSE 12.1 Status: NEW Severity: Critical Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: hachque@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1 It seems OpenSSH now relies on SELinux auditing features which are either non-existant or not yet available in the current build of AppArmor. This causes every attempted SSH authentication to fail while AppArmor is used (or I assume, any kernel that does not have SELinux running as the audit module). I have tested this with Tumbleweed kernel-xen and OpenSSH from 12.1 (5.8p2) and 12-1:Network (6.0p1) and this critical bug occurs in both. Reproducible: Always Steps to Reproduce: 1. Attempt to login to SSH 2. Observe "linux_audit_write_entry failed: Operation not permitted" occurring in system logs after otherwise successful authentication (it does state that the password was accepted before this message). Actual Results: Unable to login to SSH, despite providing correct password. Expected Results: Login via SSH should work. There seems to be a related issue at the Red Hat bug tracker (https://bugzilla.redhat.com/show_bug.cgi?id=183874) where this same issue is experienced, although in the case of that bug the kernel had no security module loaded as opposed to AppArmor. Marking this bug as "Critical" instead of "Major" since SSH doesn't work at all while this occurs. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.