ssh connection closed RHEL 6.5

[arnos]

I'm puzzled by this behaviour I'm not able to create a single container with SSHD working as expected (connection gets closed by the host as soon as authentication is validated).

I'm running RHEL 6.5, kernel 2.6.32, Docker 0.9.0 (build 2b3fdf2/0.9.0)

I've also tried with Docker 0.9.1-1

I've tried with the following containers
hzhang/centos-ssh
sameersbn/gitlab (6.7.2 & 6.7.3)

I've built the http://docs.docker.io/en/latest/examples/running_ssh_service/

Everything looks fine until the authentication is accepted and then the connection closes

debug1: Next authentication method: password
root@localhost's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: channel 0: free: client-session, nchannels 1
Connection to localhost closed by remote host.
Connection to localhost closed.
Transferred: sent 1896, received 1984 bytes, in 0.0 seconds
Bytes per second: sent 181574.1, received 190001.6
debug1: Exit status -1

[arnos]

Opened a bug report on Red Hat bugzilla as it affects CentOS 6.4, 6.5 and RHEL 6.5 but not Ubuntu 12.04, 12.10 or 13.04 https://bugzilla.redhat.com/show_bug.cgi?id=1085081

[arnos]

Running sshd -dddd

I've got

debug1: SELinux support enabled
debug3: ssh_selinux_setup_exec_context: setting execution context
ssh_selinux_getctxbyname: Failed to get default SELinux security context for root
ssh_selinux_setup_exec_context: security_getenforce() failed
debug1: do_cleanup

which pointed me to https://groups.google.com/forum/#!msg/docker-user/7EyZthXHcww/B3YAV0XsxNAJ

Disabling SELinux worked, setting it to permissive didn't.

There's a pull requested that pull request regarding SELinux support in docker that was merged 12 days ago, perhaps will be included in the next rpm release #4211.

[arnos]

I've checked and SELinux pull was included in Docker 0.10.0 and I got the 0.10.0-2 RPM for RHEL installed but I still get the same error as Guy

debug1: SELinux support enabled
debug3: ssh_selinux_setup_pty: setting TTY context on /dev/pts/0
ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session

Similar by disabling SELinux everything works like a charm, but setting it to either Enforcing or Permissive and it fails.

No logs on either the host or container under /var/log/messages for SELinux errors

Link to RH bugzilla issue 1085081

[pnasrat]

As on user list

You might want to install setroubleshoot-server on the RHEL host then
check /var/log/audit/audit.log IIRC

I don't have a RHEL 6 box to hand but this looks relevant
http://blog.slacknet.ca/planet-cdot/selinuxs-setroubleshoot-install-on-a-rhel6-server/

[arnos]

Ok checked the audit.log, but I only see lines that indicate success and
that it's running on files with unconfined label

55 uid=501 auid=501 ses=4
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='cwd="/home/docker" cmd=6C73202F7661722F6C6F672F6175646974
terminal=pts/4 res=success'

On Wed, Apr 16, 2014 at 9:35 AM, Paul Nasrat notifications@github.comwrote:

As on user list

You might want to install setroubleshoot-server on the RHEL host then
check /var/log/audit/audit.log IIRC

I don't have a RHEL 6 box to hand but this looks relevant

http://blog.slacknet.ca/planet-cdot/selinuxs-setroubleshoot-install-on-a-rhel6-server/

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/5032#issuecomment-40598839
.

[arnos]

With a yum update the issue now resolved itself.

[tradeshark]

thanks arnos,after i run yum update ,everything ok!!!!