
SSH SELinux issue.

Discussion in 'Linux & Open Source' started by opethdisciple, Sep 13, 2018 at 5:05 PM.

  1. opethdisciple

    Capodecina

    Joined: May 18, 2010

    Posts: 16,823

    Location: London

    Hi Guys.

    I am trying to set up key-based authentication between one Master server and a bunch of clients.

    We are using a non-standard home directory for this user, so SELinux was complaining.

    I made it work between the master and one of the clients and then proceeded to puppetise the solution.

    The issue is that SELinux seems to behave differently on the next machine I am running my puppet script on.

    The SELinux contexts are not being set at all. I have verified that if I turn off SELinux it works.

    How do I make SELinux work more consistently?

    What I have done is this (It's in puppet speak but you can see the Linux in the code):

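    # Label everything under the non-standard home directory as user_home_t.
    file_line { 'user_home_t':
      path => '/etc/selinux/targeted/contexts/files/file_contexts.homedirs',
      line => '/localhome/myuser/.+ unconfined_u:object_r:user_home_t:s0',
    }

    # Label .ssh and its contents as ssh_home_t so sshd may read authorized_keys.
    file_line { 'ssh_home_t':
      path => '/etc/selinux/targeted/contexts/files/file_contexts.homedirs',
      line => '/localhome/myuser/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0',
    }

    # Apply the contexts defined above to the files already on disk.
    exec { 'restorecon':
      command => "restorecon -R -v /localhome/myuser",
    }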

    As I said, this works perfectly on one client. It sets the SELinux contexts. However, on the next machine the directories created remain with the wrong SELinux contexts, even though they should be identical.

    I've also run sealert on the /var/log/audit/audit.log logfile.
     
  2. opethdisciple

    I think I know what the answer is.....

    It's a puppet issue. "" vs ''

    One is a literal string, the other interpolates.

    I have a variable set as my user which isn't being resolved.
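
The quoting problem described in the second post, shown as an added example that is not part of the original thread. The variable name `$ssh_user`, the `$home` and `$ctx_file` helpers, and the `path`, `refreshonly` and `subscribe` settings on the `exec` are assumptions made for illustration; `file_line` comes from puppetlabs-stdlib as in the original post.

```puppet
# Constructed values: $ssh_user, $home and $ctx_file are illustrative names.
$ssh_user = 'myuser'
$home     = "/localhome/${ssh_user}"
$ctx_file = '/etc/selinux/targeted/contexts/files/file_contexts.homedirs'

# Before (broken): single quotes are literal, so the text "${ssh_user}" is
# written to the contexts file unchanged. No real path matches that pattern,
# restorecon has nothing to apply, and sshd is denied access to .ssh.
#
# file_line { 'user_home_t':
#   path => $ctx_file,
#   line => '/localhome/${ssh_user}/.+ unconfined_u:object_r:user_home_t:s0',
# }

# After: double quotes interpolate ${home} before the line is written.
file_line { 'user_home_t':
  path => $ctx_file,
  line => "${home}/.+ unconfined_u:object_r:user_home_t:s0",
}

# Inside double quotes a backslash starts an escape sequence, so the
# regex "\." has to be written "\\." for a literal backslash to reach the file.
file_line { 'ssh_home_t':
  path => $ctx_file,
  line => "${home}/\\.ssh(/.*)? system_u:object_r:ssh_home_t:s0",
}

# Relabel only after both context lines exist, and only when one of them
# changed, so the exec does not run on every agent run.
exec { 'restorecon_home':
  command     => "restorecon -R -v ${home}",
  path        => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'],
  refreshonly => true,
  subscribe   => [File_line['user_home_t'], File_line['ssh_home_t']],
}
```

On a client where the labels look wrong, `grep -F '$' /etc/selinux/targeted/contexts/files/file_contexts.homedirs` shows any variable that was written uninterpolated, and `restorecon -n -v -R /localhome/myuser` reports what would be relabelled without changing anything.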