Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
What SELinux context should be used for filesystem on Fedora 30 server?
211 views
Skip to first unread message
nolo...@gmail.com
Oct 30, 2019, 10:39:55 AM10/30/19
to
Hi Everyone,
I'm trying to setup a Git server on Fedora 30 server with SELinux in enforcing mode. Git and SSH are provided by Fedora. I am following https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
.
I spoke with the Git folks and they feel this is an SSH issue because I am using SSH for the push.
At the push on the local machine:
$ git push -v origin master
Pushing to ssh://git@euclid:/var/callboot/source.git
Enter passphrase for key ...
fatal: '/var/callboot/source.git' does not appear to be a git repository
fatal: Could not read from remote repository.
...
I suspect the SELinux labels for /var/callboot/source.git at the server are not correct. Right now it looks as follows. I've run 'restorecon -Rv /var/callboot/source.git', but I think it needs to be something else.
# ls -Z /var/callboot/source.git/
unconfined_u:object_r:var_t:s0 branches
unconfined_u:object_r:var_t:s0 config
unconfined_u:object_r:var_t:s0 description
unconfined_u:object_r:var_t:s0 HEAD
unconfined_u:object_r:var_t:s0 hooks
unconfined_u:object_r:var_t:s0 info
unconfined_u:object_r:var_t:s0 objects
unconfined_u:object_r:var_t:s0 refs
I tried using sshd_t but chcon fails to set the context. I also tried using sshd_exec_t but the permission denied continued.
Fedora lacks audit2allow and some other tools so I have not been able to get hints from the tools.
What label should be used for /var/callboot/source.git/?
Thanks in advance.
=======================
Here is an audit.log of just the push attempt. The log was cleared before the push.
# echo "" > /var/log/audit/audit.log
# (push from client machine)
# cat /var/log/audit/audit.log
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1188): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1189): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1190): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1572446145.618:1191): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20...@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1572446145.618:1192): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20...@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1572446149.231:1193): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="git" exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1572446149.231:1194): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:b0:d9:95:4f:40:db:80:85:25:12:35:00:cf:77:85:62:fe:5b:d2:bc:6e:dc:32:07:84:86:42:cb:9a:b5:2c:2a exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1572446149.280:1195): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1572446149.280:1196): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1572446149.282:1197): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1572446149.282:1198): pid=4018 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=36 res=1UID="root" OLD-AUID="unset" AUID="git"
type=USER_ROLE_CHANGE msg=audit(1572446149.319:1199): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=SERVICE_START msg=audit(1572446149.367:1200): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1572446149.425:1201): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="git" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ROLE_CHANGE msg=audit(1572446149.466:1202): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1572446149.466:1203): pid=4022 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=37 res=1UID="root" OLD-AUID="unset" AUID="git"
type=USER_START msg=audit(1572446149.468:1204): pid=4022 uid=0 auid=1001 ses=37 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="git" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git"
type=SERVICE_START msg=audit(1572446149.574:1205): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1572446149.585:1206): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.586:1207): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.587:1208): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.587:1209): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRED_ACQ msg=audit(1572446149.589:1210): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=USER_LOGIN msg=audit(1572446149.638:1211): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=USER_START msg=audit(1572446149.638:1212): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.640:1213): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4031 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="git"
type=USER_END msg=audit(1572446149.684:1214): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=USER_LOGOUT msg=audit(1572446149.684:1215): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.685:1216): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4030 suid=1001 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="git" SUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.686:1217): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4030 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="git"
type=USER_END msg=audit(1572446149.687:1218): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRED_DISP msg=audit(1572446149.688:1219): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1220): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1221): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1222): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=SERVICE_STOP msg=audit(1572446159.782:1223): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1572446159.804:1224): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
[root@callmaster callboot]#
=======================
Here are the contexts available.
# grep -IR -E 'ssh' /etc/selinux/targeted/contexts
/etc/selinux/targeted/contexts/default_contexts:system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib(64)?/nagios/plugins/check_ssh -- system_u:object_r:nagios_services_plugin_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/root/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/pam_ssh(/.*)? system_u:object_r:var_auth_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/pam_ssh(/.*)? system_u:object_r:var_auth_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/ssh_host.*_key -- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/one/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/ssh_host.*_key\.pub-- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/pgsql/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/openshift/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/opt/NX/home/nx/\.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/NX/home/nx/\.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/amanda/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/stickshift/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/gitolite/\.ssh(/.*)?system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/nocpulse/\.ssh(/.*)?system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/gitolite3/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/nxserver/home/.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/openshift/gear/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/systemd/system/sshd.* -- system_u:object_r:sshd_unit_file_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/systemd/system/sshd-keygen.* -- system_u:object_r:sshd_keygen_unit_file_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh -- system_u:object_r:ssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/rssh -- system_u:object_r:rssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/root/\.shosts system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/sshd -- system_u:object_r:sshd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/primes -- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/gsisshd -- system_u:object_r:sshd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/sshd\.pid -- system_u:object_r:sshd_var_run_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh-agent -- system_u:object_r:ssh_agent_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh-keygen -- system_u:object_r:ssh_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/rc\.d/init\.d/sshd -- system_u:object_r:sshd_initrc_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/sshd-keygen -- system_u:object_r:sshd_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/sshd\.init\.pid -- system_u:object_r:sshd_var_run_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/cockpit-ssh -- system_u:object_r:cockpit_session_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/sssd/sssd_ssh -- system_u:object_r:sssd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/nm-ssh-service -- system_u:object_r:ssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/openssh/ssh-keysign-- system_u:object_r:ssh_keysign_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/empty/sshd/etc/localtime-- system_u:object_r:locale_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/rssh_chroot_helper -- system_u:object_r:rssh_chroot_helper_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/sftp-server -- system_u:object_r:bin_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/ssh-keysign -- system_u:object_r:ssh_keysign_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/sshd-keygen -- system_u:object_r:sshd_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.ssh(/.*)? unconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.ansible/cp/.* -s unconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.shostsunconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/openssh_contexts:privsep_preauth=sshd_net_t
/etc/selinux/targeted/contexts/users/guest_u:system_r:sshd_t:s0 guest_r:guest_t:s0
/etc/selinux/targeted/contexts/users/root:#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
/etc/selinux/targeted/contexts/users/staff_u:system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
/etc/selinux/targeted/contexts/users/sysadm_u:system_r:sshd_t:s0 sysadm_r:sysadm_t:s0
/etc/selinux/targeted/contexts/users/unconfined_u:system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
/etc/selinux/targeted/contexts/users/user_u:system_r:sshd_t:s0 user_r:user_t:s0
/etc/selinux/targeted/contexts/users/xguest_u:system_r:sshd_t:s0 xguest_r:xguest_t:s0
I'm trying to setup a Git server on Fedora 30 server with SELinux in enforcing mode. Git and SSH are provided by Fedora. I am following https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
.
I spoke with the Git folks and they feel this is an SSH issue because I am using SSH for the push.
At the push on the local machine:
$ git push -v origin master
Pushing to ssh://git@euclid:/var/callboot/source.git
Enter passphrase for key ...
fatal: '/var/callboot/source.git' does not appear to be a git repository
fatal: Could not read from remote repository.
...
I suspect the SELinux labels for /var/callboot/source.git at the server are not correct. Right now it looks as follows. I've run 'restorecon -Rv /var/callboot/source.git', but I think it needs to be something else.
# ls -Z /var/callboot/source.git/
unconfined_u:object_r:var_t:s0 branches
unconfined_u:object_r:var_t:s0 config
unconfined_u:object_r:var_t:s0 description
unconfined_u:object_r:var_t:s0 HEAD
unconfined_u:object_r:var_t:s0 hooks
unconfined_u:object_r:var_t:s0 info
unconfined_u:object_r:var_t:s0 objects
unconfined_u:object_r:var_t:s0 refs
I tried using sshd_t but chcon fails to set the context. I also tried using sshd_exec_t but the permission denied continued.
Fedora lacks audit2allow and some other tools so I have not been able to get hints from the tools.
What label should be used for /var/callboot/source.git/?
Thanks in advance.
=======================
Here is an audit.log of just the push attempt. The log was cleared before the push.
# echo "" > /var/log/audit/audit.log
# (push from client machine)
# cat /var/log/audit/audit.log
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1188): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1189): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1190): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1572446145.618:1191): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=chacha20...@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1572446145.618:1192): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=chacha20...@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1572446149.231:1193): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="git" exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1572446149.231:1194): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:b0:d9:95:4f:40:db:80:85:25:12:35:00:cf:77:85:62:fe:5b:d2:bc:6e:dc:32:07:84:86:42:cb:9a:b5:2c:2a exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1572446149.280:1195): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1572446149.280:1196): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1572446149.282:1197): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1572446149.282:1198): pid=4018 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=36 res=1UID="root" OLD-AUID="unset" AUID="git"
type=USER_ROLE_CHANGE msg=audit(1572446149.319:1199): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=SERVICE_START msg=audit(1572446149.367:1200): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1572446149.425:1201): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="git" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ROLE_CHANGE msg=audit(1572446149.466:1202): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1572446149.466:1203): pid=4022 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=37 res=1UID="root" OLD-AUID="unset" AUID="git"
type=USER_START msg=audit(1572446149.468:1204): pid=4022 uid=0 auid=1001 ses=37 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="git" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git"
type=SERVICE_START msg=audit(1572446149.574:1205): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1572446149.585:1206): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.586:1207): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.587:1208): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.587:1209): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRED_ACQ msg=audit(1572446149.589:1210): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=USER_LOGIN msg=audit(1572446149.638:1211): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=USER_START msg=audit(1572446149.638:1212): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.640:1213): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4031 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="git"
type=USER_END msg=audit(1572446149.684:1214): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=USER_LOGOUT msg=audit(1572446149.684:1215): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.685:1216): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4030 suid=1001 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="git" SUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.686:1217): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4030 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="git"
type=USER_END msg=audit(1572446149.687:1218): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRED_DISP msg=audit(1572446149.688:1219): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1220): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1221): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1222): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=SERVICE_STOP msg=audit(1572446159.782:1223): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1572446159.804:1224): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
[root@callmaster callboot]#
=======================
Here are the contexts available.
# grep -IR -E 'ssh' /etc/selinux/targeted/contexts
/etc/selinux/targeted/contexts/default_contexts:system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib(64)?/nagios/plugins/check_ssh -- system_u:object_r:nagios_services_plugin_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/root/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/pam_ssh(/.*)? system_u:object_r:var_auth_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/pam_ssh(/.*)? system_u:object_r:var_auth_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/ssh_host.*_key -- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/one/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/ssh_host.*_key\.pub-- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/pgsql/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/openshift/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/opt/NX/home/nx/\.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/NX/home/nx/\.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/amanda/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/stickshift/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/gitolite/\.ssh(/.*)?system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/nocpulse/\.ssh(/.*)?system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/gitolite3/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/nxserver/home/.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/openshift/gear/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/systemd/system/sshd.* -- system_u:object_r:sshd_unit_file_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/systemd/system/sshd-keygen.* -- system_u:object_r:sshd_keygen_unit_file_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh -- system_u:object_r:ssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/rssh -- system_u:object_r:rssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/root/\.shosts system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/sshd -- system_u:object_r:sshd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/primes -- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/gsisshd -- system_u:object_r:sshd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/sshd\.pid -- system_u:object_r:sshd_var_run_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh-agent -- system_u:object_r:ssh_agent_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh-keygen -- system_u:object_r:ssh_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/rc\.d/init\.d/sshd -- system_u:object_r:sshd_initrc_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/sshd-keygen -- system_u:object_r:sshd_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/sshd\.init\.pid -- system_u:object_r:sshd_var_run_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/cockpit-ssh -- system_u:object_r:cockpit_session_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/sssd/sssd_ssh -- system_u:object_r:sssd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/nm-ssh-service -- system_u:object_r:ssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/openssh/ssh-keysign-- system_u:object_r:ssh_keysign_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/empty/sshd/etc/localtime-- system_u:object_r:locale_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/rssh_chroot_helper -- system_u:object_r:rssh_chroot_helper_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/sftp-server -- system_u:object_r:bin_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/ssh-keysign -- system_u:object_r:ssh_keysign_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/sshd-keygen -- system_u:object_r:sshd_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.ssh(/.*)? unconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.ansible/cp/.* -s unconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.shostsunconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/openssh_contexts:privsep_preauth=sshd_net_t
/etc/selinux/targeted/contexts/users/guest_u:system_r:sshd_t:s0 guest_r:guest_t:s0
/etc/selinux/targeted/contexts/users/root:#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
/etc/selinux/targeted/contexts/users/staff_u:system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
/etc/selinux/targeted/contexts/users/sysadm_u:system_r:sshd_t:s0 sysadm_r:sysadm_t:s0
/etc/selinux/targeted/contexts/users/unconfined_u:system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
/etc/selinux/targeted/contexts/users/user_u:system_r:sshd_t:s0 user_r:user_t:s0
/etc/selinux/targeted/contexts/users/xguest_u:system_r:sshd_t:s0 xguest_r:xguest_t:s0
0 new messages