Hi Everyone,
I'm trying to setup a Git server on Fedora 30 server with SELinux in enforcing mode. Git and SSH are provided by Fedora. I am following
https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server
.
I spoke with the Git folks and they feel this is an SSH issue because I am using SSH for the push.
At the push on the local machine:
$ git push -v origin master
Pushing to ssh://git@euclid:/var/callboot/source.git
Enter passphrase for key ...
fatal: '/var/callboot/source.git' does not appear to be a git repository
fatal: Could not read from remote repository.
...
I suspect the SELinux labels for /var/callboot/source.git at the server are not correct. Right now it looks as follows. I've run 'restorecon -Rv /var/callboot/source.git', but I think it needs to be something else.
# ls -Z /var/callboot/source.git/
unconfined_u:object_r:var_t:s0 branches
unconfined_u:object_r:var_t:s0 config
unconfined_u:object_r:var_t:s0 description
unconfined_u:object_r:var_t:s0 HEAD
unconfined_u:object_r:var_t:s0 hooks
unconfined_u:object_r:var_t:s0 info
unconfined_u:object_r:var_t:s0 objects
unconfined_u:object_r:var_t:s0 refs
I tried using sshd_t but chcon fails to set the context. I also tried using sshd_exec_t but the permission denied continued.
Fedora lacks audit2allow and some other tools so I have not been able to get hints from the tools.
What label should be used for /var/callboot/source.git/?
Thanks in advance.
=======================
Here is an audit.log of just the push attempt. The log was cleared before the push.
# echo "" > /var/log/audit/audit.log
# (push from client machine)
# cat /var/log/audit/audit.log
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1188): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1189): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446145.617:1190): pid=4019 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4019 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" SUID="root"
type=CRYPTO_SESSION msg=audit(1572446145.618:1191): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=
chacha20...@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRYPTO_SESSION msg=audit(1572446145.618:1192): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=
chacha20...@openssh.com ksize=512 mac=<implicit> pfs=curve25519-sha256 spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=USER_AUTH msg=audit(1572446149.231:1193): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=pubkey_auth grantors=auth-key acct="git" exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1572446149.231:1194): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=negotiate kind=auth-key fp=SHA256:b0:d9:95:4f:40:db:80:85:25:12:35:00:cf:77:85:62:fe:5b:d2:bc:6e:dc:32:07:84:86:42:cb:9a:b5:2c:2a exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1572446149.280:1195): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="unset"
type=CRYPTO_KEY_USER msg=audit(1572446149.280:1196): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4019 suid=74 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="unset" SUID="sshd"
type=CRED_ACQ msg=audit(1572446149.282:1197): pid=4018 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1572446149.282:1198): pid=4018 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=36 res=1UID="root" OLD-AUID="unset" AUID="git"
type=USER_ROLE_CHANGE msg=audit(1572446149.319:1199): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=SERVICE_START msg=audit(1572446149.367:1200): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ACCT msg=audit(1572446149.425:1201): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="git" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_ROLE_CHANGE msg=audit(1572446149.466:1202): pid=4022 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='pam: default-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 selected-context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=LOGIN msg=audit(1572446149.466:1203): pid=4022 uid=0 subj=system_u:system_r:init_t:s0 old-auid=4294967295 auid=1001 tty=(none) old-ses=4294967295 ses=37 res=1UID="root" OLD-AUID="unset" AUID="git"
type=USER_START msg=audit(1572446149.468:1204): pid=4022 uid=0 auid=1001 ses=37 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="git" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git"
type=SERVICE_START msg=audit(1572446149.574:1205): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=USER_START msg=audit(1572446149.585:1206): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.586:1207): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.587:1208): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.587:1209): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4030 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRED_ACQ msg=audit(1572446149.589:1210): pid=4030 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=USER_LOGIN msg=audit(1572446149.638:1211): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=USER_START msg=audit(1572446149.638:1212): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.640:1213): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4031 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="git"
type=USER_END msg=audit(1572446149.684:1214): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=USER_LOGOUT msg=audit(1572446149.684:1215): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git" ID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.685:1216): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=4030 suid=1001 rport=51736 laddr=172.16.2.1 lport=22 exe="/usr/sbin/sshd" hostname=? addr=172.16.4.8 terminal=? res=success'UID="root" AUID="git" SUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.686:1217): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4030 suid=1001 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="git"
type=USER_END msg=audit(1572446149.687:1218): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRED_DISP msg=audit(1572446149.688:1219): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="git" exe="/usr/sbin/sshd" hostname=172.16.4.8 addr=172.16.4.8 terminal=ssh res=success'UID="root" AUID="git"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1220): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:c8:a3:66:1e:2a:85:16:47:2e:65:fc:92:a7:a2:a5:c1:22:46:64:99:e8:30:47:f8:91:fb:ff:7a:59:96:88:d9 direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1221): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:5b:d3:7d:70:17:43:62:c7:38:cd:36:f8:d0:36:f0:d2:bb:47:dc:89:60:37:eb:7a:89:bb:f9:fc:87:6e:46:0c direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=CRYPTO_KEY_USER msg=audit(1572446149.689:1222): pid=4018 uid=0 auid=1001 ses=36 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:99:67:10:5a:13:1c:9b:c5:78:ad:3b:e0:c1:72:d9:d3:b7:1c:b6:8d:00:3e:90:d2:e8:16:82:23:7c:ad:c1:c0 direction=? spid=4018 suid=0 exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="git" SUID="root"
type=SERVICE_STOP msg=audit(1572446159.782:1223): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
type=SERVICE_STOP msg=audit(1572446159.804:1224): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=user-runtime-dir@1001 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
[root@callmaster callboot]#
=======================
Here are the contexts available.
# grep -IR -E 'ssh' /etc/selinux/targeted/contexts
/etc/selinux/targeted/contexts/default_contexts:system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib(64)?/nagios/plugins/check_ssh -- system_u:object_r:nagios_services_plugin_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/root/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/pam_ssh(/.*)? system_u:object_r:var_auth_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/pam_ssh(/.*)? system_u:object_r:var_auth_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/ssh_host.*_key -- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/one/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/ssh_host.*_key\.pub-- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/pgsql/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/openshift/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/opt/NX/home/nx/\.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/NX/home/nx/\.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/amanda/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/stickshift/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/gitolite/\.ssh(/.*)?system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/nocpulse/\.ssh(/.*)?system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/gitolite3/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/nxserver/home/.ssh(/.*)? system_u:object_r:nx_server_home_ssh_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/lib/openshift/gear/[^/]+/\.ssh(/.*)? system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/systemd/system/sshd.* -- system_u:object_r:sshd_unit_file_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/systemd/system/sshd-keygen.* -- system_u:object_r:sshd_keygen_unit_file_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh -- system_u:object_r:ssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/rssh -- system_u:object_r:rssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/root/\.shosts system_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/sshd -- system_u:object_r:sshd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/ssh/primes -- system_u:object_r:sshd_key_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/gsisshd -- system_u:object_r:sshd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/sshd\.pid -- system_u:object_r:sshd_var_run_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh-agent -- system_u:object_r:ssh_agent_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/bin/ssh-keygen -- system_u:object_r:ssh_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/etc/rc\.d/init\.d/sshd -- system_u:object_r:sshd_initrc_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/sbin/sshd-keygen -- system_u:object_r:sshd_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/run/sshd\.init\.pid -- system_u:object_r:sshd_var_run_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/cockpit-ssh -- system_u:object_r:cockpit_session_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/sssd/sssd_ssh -- system_u:object_r:sssd_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/nm-ssh-service -- system_u:object_r:ssh_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/lib/openssh/ssh-keysign-- system_u:object_r:ssh_keysign_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/var/empty/sshd/etc/localtime-- system_u:object_r:locale_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/rssh_chroot_helper -- system_u:object_r:rssh_chroot_helper_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/sftp-server -- system_u:object_r:bin_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/ssh-keysign -- system_u:object_r:ssh_keysign_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts:/usr/libexec/openssh/sshd-keygen -- system_u:object_r:sshd_keygen_exec_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.ssh(/.*)? unconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.ansible/cp/.* -s unconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/files/file_contexts.homedirs:/home/[^/]+/\.shostsunconfined_u:object_r:ssh_home_t:s0
/etc/selinux/targeted/contexts/openssh_contexts:privsep_preauth=sshd_net_t
/etc/selinux/targeted/contexts/users/guest_u:system_r:sshd_t:s0 guest_r:guest_t:s0
/etc/selinux/targeted/contexts/users/root:#system_r:sshd_t:s0 unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
/etc/selinux/targeted/contexts/users/staff_u:system_r:sshd_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
/etc/selinux/targeted/contexts/users/sysadm_u:system_r:sshd_t:s0 sysadm_r:sysadm_t:s0
/etc/selinux/targeted/contexts/users/unconfined_u:system_r:sshd_t:s0 unconfined_r:unconfined_t:s0
/etc/selinux/targeted/contexts/users/user_u:system_r:sshd_t:s0 user_r:user_t:s0
/etc/selinux/targeted/contexts/users/xguest_u:system_r:sshd_t:s0 xguest_r:xguest_t:s0