SSH SELinux issue.

Hi Guys.

I am trying to set up key-based authentication between one master server and a bunch of clients.

We are using a non-standard home directory for this user, so SELinux was complaining.

I made it work between the master and one of the clients and then proceeded to puppetise the solution.

The issue is that SELinux seems to behave differently on the next machine I am running my puppet script on.

The SELinux contexts are not being set at all. I have verified that if I turn off SELinux it works.

How do I make SELinux work more consistently?

What I have done is this (It's in puppet speak but you can see the Linux in the code):

# Label everything under the non-standard home directory as user_home_t
file_line { 'user_home_t':
  path => '/etc/selinux/targeted/contexts/files/file_contexts.homedirs',
  line => '/localhome/myuser/.+ unconfined_u:object_r:user_home_t:s0',
}

# Label the .ssh directory and its contents as ssh_home_t
file_line { 'ssh_home_t':
  path => '/etc/selinux/targeted/contexts/files/file_contexts.homedirs',
  line => '/localhome/myuser/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0',
}

# Apply the contexts to the files on disk
exec { 'restorecon':
  command => "restorecon -R -v /localhome/myuser",
}

As I said, this works perfectly on one client. It sets the SELinux contexts. However, on the next machine the directories created remain with the wrong SELinux contexts, even though they should be identical.

I've also run sealert on the /var/log/audit/audit.log logfile.
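
A label check for the situation described in the post, as an added example that is not part of the original post: it takes the two context lines quoted above and reports which paths in captured `ls -Zd` output carry a different SELinux type than those lines call for. The function names and the sample `ls -Zd` output are constructed for illustration, and the matching is simplified (whole-path regex, last matching line wins); only the type field is compared, since `restorecon` without `-F` resets only the type.

```python
import re

# The two file-context lines from the post (path regex, then context).
SPECS = r"""
/localhome/myuser/.+ unconfined_u:object_r:user_home_t:s0
/localhome/myuser/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
"""
CONTEXT_RE = re.compile(r"^\w+:\w+:(\w+):\S+$")  # user:role:type:range

def parse_specs(text):
    """Return [(compiled_regex, expected_type)] in file order."""
    specs = []
    for line in text.strip().splitlines():
        pattern, context = line.split()
        specs.append((re.compile(pattern), CONTEXT_RE.match(context).group(1)))
    return specs

def expected_type(path, specs):
    """Type of the last spec whose regex matches the whole path, else None."""
    for regex, setype in reversed(specs):
        if regex.fullmatch(path):
            return setype
    return None

def mislabeled(ls_z_output, specs):
    """Compare `ls -Zd` lines with the specs; return (path, actual, expected)."""
    drift = []
    for line in ls_z_output.strip().splitlines():
        fields = line.split()
        path = fields[-1]
        # The context is the first field shaped like user:role:type:range.
        actual = next(m.group(1) for m in map(CONTEXT_RE.match, fields) if m)
        want = expected_type(path, specs)
        if want is not None and actual != want:
            drift.append((path, actual, want))
    return drift

# Constructed `ls -Zd` output from two clients (sample data, not from the post).
GOOD_CLIENT = """
unconfined_u:object_r:ssh_home_t:s0 /localhome/myuser/.ssh
unconfined_u:object_r:ssh_home_t:s0 /localhome/myuser/.ssh/authorized_keys
"""
BAD_CLIENT = """
unconfined_u:object_r:default_t:s0 /localhome/myuser/.ssh
unconfined_u:object_r:default_t:s0 /localhome/myuser/.ssh/authorized_keys
"""

if __name__ == "__main__":
    for out in (GOOD_CLIENT, BAD_CLIENT):
        print(mislabeled(out, parse_specs(SPECS)))
```

Feeding it the real `ls -Zd` output from each client shows whether the paths were never relabeled or were relabeled to something other than what the two lines specify.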
 